proof search and computation lecture notesproof search and computation lecture notes draft: april...

Proof Search andComputation

Lecture NotesDraft: April 15, 2009

Notes used for Miller’s lectures in the course “Logique Lineaire et paradigmeslogiques du calcul” at MPRI (Paris, January 2009) and the course “Proofsystems for linear, intuitionistic, and classical logic” in the Dipartimento diInformatica, Universita Ca’ Foscari di Venezia, (Venice, April 2009).

c© Dale MillerINRIA-Saclay and Laboratoire d’Informatique (LIX)Ecole PolytechniqueRue de Saclay91128 PALAISEAU Cedex FRANCE

dale.miller at inria.fr

Contents

1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31.1 Roles for logic in the specification of computations . . . . . . . . . . . 31.2 Proof search as an approach to logic programming . . . . . . . . . . . 4

2 Preliminaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52.1 Syntactic expressions as λ-expressions . . . . . . . . . . . . . . . . . . . . . . 52.2 Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62.3 Signatures and terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72.4 Formulas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82.5 Sequents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92.6 Inference rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102.7 Sequent calculus proofs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132.8 Permutations of inference rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142.9 Cut-elimination and its consequences . . . . . . . . . . . . . . . . . . . . . . 152.10 Additional readings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

3 Classical and Intuitionistic Logics . . . . . . . . . . . . . . . . . . . . . . . . . . 193.1 First-order formulas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193.2 Inference rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203.3 The initial rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233.4 The cut rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243.5 Choices when doing proof search . . . . . . . . . . . . . . . . . . . . . . . . . . 263.6 Dynamics and change during of proof search . . . . . . . . . . . . . . . . 27

4 Horn and hereditary Harrop formulas . . . . . . . . . . . . . . . . . . . . . 294.1 Goal-directed search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294.2 Horn clauses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314.3 Hereditary Harrop formulas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344.4 Backchaining . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354.5 Dynamics of proof search for fohc . . . . . . . . . . . . . . . . . . . . . . . . . 374.6 Examples of fohc logic programs . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

VIII Contents

4.7 Dynamics of proof search for fohh . . . . . . . . . . . . . . . . . . . . . . . . . 414.8 Examples of fohh logic programs . . . . . . . . . . . . . . . . . . . . . . . . . . 414.9 Limitation to fohc and fohh logic programs . . . . . . . . . . . . . . . . . 43

5 Proof Search in Linear Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475.1 Sequent calculus proof for linear logic . . . . . . . . . . . . . . . . . . . . . . 475.2 Intuitionistic Linear Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505.3 Embedding fohh into intuitionistic linear logic . . . . . . . . . . . . . . . 555.4 Multiple conclusion uniform proofs . . . . . . . . . . . . . . . . . . . . . . . . 565.5 Focused proofs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

6 Linear Logic Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 636.1 Toggling a switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 636.2 Permuting a list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646.3 Lazy splitting of contexts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 656.4 Context management in theorem provers . . . . . . . . . . . . . . . . . . . 656.5 Multiset rewriting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676.6 Examples in Forum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 696.7 Asynchronous Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

7 Solutions to Selected Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Preface

This monograph develops “proof search” as a means for specifying compu-tation. In particular, we develop various normal forms of cut-free proofs inclassical, intuitionistic, and linear logics and explore how searching for suchnormal forms can be exploited to justify and enrich the logic programmingparadigm. We thus limit ourself to applying proof theory the specification ofcomputation.

The search for proofs has many dimensions that we shall not address here.For example, we shall not discuss the unification of terms, although this iscentral to most implementations of proof search systems. We shall also notconsider the more general problems involved with the specification of interac-tive and automatic theorem provers.

We keep the scope of this volume purposely narrow and will not attemptto cite the entire literature or even a significant fraction of it. In particular,only a few references we cite have been published after 1996.

This study is largely self-contained. The reader should be familiar withthe basic syntactic properties of the λ-calculus because it is used to encodesyntactic objects. No background in the formal representation of proofs isneeded although such a background is useful in the earliest chapters.

We shall occasionally present example logic programs to help illustrateproof theoretic concepts. While some familiarity with Prolog is useful forunderstanding our examples, it is also likely that a knowledge of Prolog’sadvanced and mostly non-logical features will be a barrier to understandingthe full role that logic can play in the specification of computation. When wepresent examples of logic programs, we shall use the syntactic conventions ofthe λProlog variant of Prolog.

1

Introduction

Since logic can be applied to computing and logic programming in a numberof ways, it is worth providing an overview of the roles that logic often plays,if only to help us see the particular niche that is our focus here.

1.1 Roles for logic in the specification of computations

In the specification of computational systems, logics are generally used in oneof two approaches. In the computation-as-model approach, computations areencoded as mathematical structures, containing such items as nodes, transi-tions, and state. Logic is used in an external sense to make statements aboutthose structures. That is, computations are used as models for logical ex-pressions. Intensional operators, such as the modals of temporal and dynamiclogics or the triples of Hoare logic, are often employed to express propositionsabout the change in state. This use of logic to represent and reason aboutcomputation is probably the oldest and most broadly successful use of logicfor representing computation.

The computation-as-deduction approach, uses directly pieces of logic’s syn-tax (such as formulas, terms, types, and proofs) as elements of the specifiedcomputation. In this much more rarefied setting, there are two rather differentapproaches to how computation is modeled.

The proof normalization approach views the state of a computation as aproof term and the process of computing as normalization (know variouslyas β-reduction or cut-elimination). Functional programming can be explainedusing proof-normalization as its theoretical basis [ML82] and has been usedto justify the design of new functional programming languages [Abr93].

The proof search approach views the state of a computation as a sequent (astructured collection of formulas) and the process of computing as the processof searching for a proof of a sequent: the changes that take place in sequentscapture the dynamics of computation. Logic programming can be explainedusing proof search as its theoretical basis [MNPS91] and has been used to

4 1 Introduction

justify the design of new logic programming languages, some of which arediscussed later.

The divisions proposed above are informal and suggestive: such a classifi-cation is helpful in pointing out different sets of concerns represented by thesetwo broad approaches (reductions, confluence, etc, versus unification, back-tracking search, etc). Of course, a real advance in computation logic mightallow us merge or reorganize this classification.

1.2 Proof search as an approach to logic programming

The term proof search as it is used in this text has a number of parallel withthe term logic programming. In the late 1980’s and early 1990’s, the prooftheory for classical, intuitionistic, and linear logic was used to motivate thedesign of logic programming languages that significantly extended the expres-sive strength of those languages based on first-order Horn clauses. In principle,proof search in higher-order intuitionistic logic allows for abstractions such asmodular programming and higher-order programming as well as providingdeclarative treatments of data-structures that contained binders. When em-bracing linear logic as well, richer dynamics of computation can be capturedusing logical formulas instead of non-logical terms and data-structures. Be-sides presenting the proof theory justifications for the design of some of thesericher logic programming languages, we shall also present numerous examplesof programming in these languages.

2

Preliminaries

In matters of the presentation of the syntax of terms and formulas, we followAlonzo Church’s Simple Theory of Types [Chu40] since it provides a simplemeans to integrate propositional logic, (multi-sorted) first-order logic, and ahigher-order logic all within the same framework.

2.1 Syntactic expressions as λ-expressions

The untyped λ-calculus will serve as our most primitive notion of syntacticexpression, allowing us to uniformly represent types, terms, formulas, and se-quents. While the untyped λ-calculus is rather complex, we shall limit ouruse of it to β-normal expressions: in this case, much of that complexity disap-pears. In fact, we shall rely mostly on those β-normal forms that can be givena simple type. To reinforce our use of the untyped λ-calculus for representingonly syntax (and not functional programs intended for computation), we shallrefer to untyped λ-terms as untyped λ-expressions.

One advantage in choosing λ-expressions as a starting point is that theyprovide us with a universal notion of binding and substitution that all syntac-tic objects directly inherit. We shall assume that the reader is familiar withthe most basic notions behind the untyped λ-calculus. We review a few suchnotions here.

We shall assume the existence of a fixed and denumerably infinite set oftokens, which are primitive syntactic expressions. There are two other meansfor building other syntactic expressions, following the usual formation rules ofthe λ-term. Given two syntactic structures, say M and N , their application is(MN) (applications is thus the infix juxtaposition operation and it associatesto the left). Given a syntactic structure M and a token x, the abstraction ofx over M is (λx.M). Here, the token x is a bound variable with scope M .

The usual notions of free and bound variables are assumed, as is the con-cept of alphabetic conversion of bound variables (via the α-conversion rule):we identify two syntactic expressions up to α-conversion. A term is β-normal

6 2 Preliminaries

if it is of the form λx1 . . . λxn.(ht1 . . . tm) where n,m ≥ 0, h, x1, . . . , xn aretokens, and the terms t1, . . . , tm are all in β-normal form. In this case, we callthe list x1, . . . , xn the binder, the token h the head, and the list t1, . . . , tm thearguments of the term. Reduction following the β-rule replaces a β-redex, thatis, a subexpression of the form (λx.M)N , with the capture avoiding substitu-tion of N for x in M . Reduction following the η-rule replaces a subexpressionof the form λx(Mx) with M , provided that x is not free in M . When weuse the terms β-conversion and βη-conversion, we shall always assume theα-conversion rule is implicit.

Our main use of β-reduction will be to formalize substitution. In particular,the notation M [N/x] denotes the β-normal form of (λx.M)N .

Exercise 1. Is there an expression N such that (λx.w)[N/w] is equal to λy.y(modulo α-conversion, of course)?

2.2 Types

The token o is reserved and is used as the type of formulas (to be defined inSection 2.4). This type must not be confused with a type for boolean values:objects of type o are syntactic expressions. Let S be a fixed, non-empty set oftokens that does not contain o. The types in S ∪ {o} are primitive types (alsocalled sorts). The set of types is the smallest set of expressions that containsthe primitive types and is closed under the construction of “arrow types”,denoted by the binary, infix symbol →. The Greek letters τ and σ are usedas syntactic variables ranging over types. The type constructor → associatesto the right: read τ1 → τ2 → τ3 as τ1 → (τ2 → τ3). (Using the terminology ofSection 2.1, → is a token now declared with a specific role and the expressionτ1 → τ2 is the infix presentation of the expression ((→ τ1)τ2).)

Let τ be the type τ1 → · · · → τn → τ0 where τ0 ∈ S ∪ {o} and n ≥ 0. Thetypes τ1, . . . , τn are the argument types of τ while the type τ0 is the target typeof τ . If n = 0 then τ is τ0 and the set of argument types is empty. The orderof a type τ is defined as follows: If τ is primitive then τ has order 0; otherwise,the order of τ is one greater than the maximum order of the argument typesof τ . If ord(τ) denotes the order of type expression τ then the following twoclauses define ord(·).

ord(τ) = 0 provided τ ∈ S ∪ {o}ord(τ1 → τ2) = max(ord(τ1) + 1, ord(τ2))

Notice that τ has order 0 or 1 if and only if all the argument types of τ areprimitive types. We say, however, that τ is a first-order type if the order ofτ is either 0 or 1 and that no argument type of τ is o. The target type of afirst-order type may be o.

2.3 Signatures and terms 7

2.3 Signatures and terms

Signatures are used to formally declare that certain tokens are of a certaintype. In particular, a signature (over S) is a set Σ (possibly empty) of pairs,written as x: τ , where τ is a type and x is a token. We require a signature tobe functional in the sense that for every token x, if x: τ and x: σ are membersof Σ then τ = σ. More generally, we use signatures in judgments such asΣ −− t: τ where the variables in Σ are considered bindings over the entirejudgment. Here also, t is a term and τ is a type. If we provided a more literalencoding of such a typing judgment as an untyped λ-expression, the judgment,for example, x : τ1, y : τ2 −− t: τ could be encoded as the λ-expression

loc τ1 (λx. loc τ2 (λy. − (: x τ)))

where loc is a token introduced to indicate that a binder is added to a judg-ment, − is a token used to separate the binders from the target judgment,and : is a token used to pair a term with a type. Thus, two judgments areidentified if they differ by systematic renames of declared tokens. We shall notgenerally care to be so literal in our encodings of judgments, but it is usualto see at least once.

If we were to allow non-normal λ-terms to have types, then the proofsystem including the following three rules

Γ, x: t −− x: tΣ −− t: σ → τ Σ −− s:σ

Σ −− (ts): τΣ, x: τ −− M : σ

Σ −− (λx.M): τ → σ

would suffice. We shall, instead, adopt the inference rules in Figure 2.1 asformal definition of the proof system for typing, since it gives types only toβ-normal terms. If the judgment Σ −− t: τ is provable then we say that t is aΣ-term of type τ .

Γ, x: t −− x: t

Σ −− N : σ Σ, x: σ′ −− M : τ

Σ, f : σ → σ′ −− M [(fN)/x]: τ

Σ, x: τ −− M : σ

Σ −− (λx.M): τ → σ

Fig. 2.1. Typing judgment for Σ-terms of type τ .

Exercise 2. Prove that if t is a Σ-term of type τ , then t is β-normal.

Exercise 3. Fix a set of sorts S and a signature Σ over S. Prove that if thereare primitive types τ and τ ′ such that Σ −− t: τ and Σ −− t: τ ′, then τ = τ ′.Show that this statement is not true if we allow τ and τ ′ to be non-primitive.

Exercise 4. Fix a set of sorts S and a signature Σ over S. Prove that if t isa Σ-term of type τ and τ is primitive then the binder of t is empty, the headof t is given a type, say, τ1 → · · · → τm → τ0 and for i = 1, . . . , m, the ith

argument of t is a Σ-term of type τi.

8 2 Preliminaries

2.4 Formulas

Important constants to declare when presenting a logic are those denoting theconnectives and quantifiers. These logical constants are declared by a signaturein which all token are declared a type that has target type o. These constantsare generally fixed for a given logic. For example, in Chapter 3, classical andintuitionistic logics are considered using the following signature for declaringthe logical constants.

{>: o, ⊥: o, ∧: o → o → o, ∨: o → o → o, ⊃: o → o → o} ∪{∀τ : (τ → o) → o | τ ∈ S} ∪ {∃τ : (τ → o) → o | τ ∈ S}

Notice that this signature contains types of order 0, 1, and 2. We will followthe usual conventions in writing expressions with these symbols: The binarysymbols ∧, ∨, and ⊃ are written in infix notions with ∧ and ∨ associatingto the left and ⊃ associating to the right and ∧ has higher priority than ∨which has higher priority than ⊃. The expressions ∀τλx.B and ∃τλx.B areabbreviated as ∀τx.B and ∃τx.B, respectively, or as simply ∀x.B and ∃x.B ifthe value of the type subscript is not important or can easily be inferred fromcontext.

After fixing the declaration of logical constants, say Σ0, we fix the setof non-logical symbols, say Σ. Such symbols may be used as constants orvariables depending on the context. Let c: τ1 → · · · → τn → τ0 ∈ Σ1, where τ0

is a primitive type and n ≥ 0. If τ0 is o, then c is a predicate symbol of arityn. If τ0 ∈ S (i.e., τ is not o), then c is a function symbol of arity n; if n = 0,we also say that c is an individual symbol.

A Σ0 ∪Σ-term of type o is also called a Σ0 ∪Σ-formula, or more usuallyeither a Σ-formula (since Σ0 is usually fixed) or just a formula (if Σ is un-derstood). Notice that in this presentation of logic, formulas are special casesof terms.

A logic is propositional if all the logical constants have types that are order0 or 1. A logic is first-order if all the logical constants have types that are order0, 1, or 2. If a logic contains constants with order greater than 2, the logic issaid to be a higher-order logic.

A signature is propositional if all its constants are of type o. A signature isfirst-order if all its constants are of first-order type. If Σ0 is the declaration fora propositional logic and Σ is a propositional signature, then a Σ0∪Σ-formulais a propositional formula. Similarly, if Σ0 is the declaration for a first-orderlogic and Σ is a first-order signature, then a Σ0 ∪ Σ-formula is a first-orderformula. If Σ0 is the declaration for a higher-order logic and Σ is a signature,then a Σ0 ∪Σ-formula is a higher-order formula.

Assume that Σ0 declares logical connectives for a first-order logic and thatΣ is a first-order signature. Let τ be a primitive type different from o. A first-order term t of type τ is either a token of type τ or it is of the form (f t1 . . . tn)where f is a function symbol of type τ1 → · · · → τn → τ and, for i = 1, . . . , n,

2.5 Sequents 9

ti is a term of type τi. In the latter case, f is the head and t1, . . . , tn are thearguments of this term. Similarly, a first-order formula either has a logicalsymbol as its head, in which case, it is said to be non-atomic, or a non-logicalsymbol at its head, in which case it is atomic.

2.5 Sequents

We shall not attempt to define completely the notion of sequent, inferencerule, and proof. Rather we outline of number of characteristics that we shallfind common in the sequent calculi examined in this text.

Proof are seldom of a single formula but more generally of judgmentsthat relate various formulas. Example judgments might be that the formulaB follows from the assumptions in Γ or that one of the formulas in ∆ isprovable. Sequents are intended to collect together such formulas in such ajudgment and to allow reasoning steps to be applied to formulas within asurrounding context. Typically, sequents are constructed in many ways: weoutline here the few major differences in sequents that we shall study here.

Sequents will contain the special symbol −. Collections of formulas insequents will be either lists or multisets or sets. Sequents can also be one-sided or two-sided. One-sided sequents are usually written as − ∆ and two-sided sequents are usually written as Γ − ∆, where Γ and ∆ are one of thethree kinds of collections of formulas mentioned above. Sometimes we shallsee multiple collections of formulas, separated by a semicolon, on both the leftand right sides of sequents; for example, Γ ;Γ − ∆;∆′ and − ∆; ∆′; ∆. In thetwo-sided sequent Σ: Γ − ∆, we shall say that Γ is this sequent’s antecedentor left-hand side and that ∆ is its succedent or right-hand side.

When sequents are used for quantificational logic, they will also have asignature prefixing the sequent, such as, Σ: − ∆ and Σ:Γ − ∆ in orderto declare certain symbols appearing in quantificational sequents (usually, socalled, eigenvariables). Sequents will also satisfy the following property withrespect to any prefixed signature: If ΣL is the signature declaring a logicalconstants and ΣC is the signature declaring non-logical constants, then allformulas in any list or multiset or set in a sequent prefixed with Σ will be aΣL ∪ΣC ∪Σ-formula.

When presenting a particular notion of sequents, say, for example Σ;Γ −∆, we will specify that Γ and ∆ are either lists, multisets, or sets of formulas.In order to encode such objects into λ-expressions, we can do the follow-ing. First, introduce constructors for an empty collection, singleton collec-tion, and union of collections. Enforcing various equalities on these construc-tors yield lists (associativity, identity), multisets (associativity, commutativity,identity), and sets (associativity, commutativity, idempotency, identity). Theexact details of such an encoding are not particularly important here. We donote the following issues with respect to matching expressions with schematic

10 2 Preliminaries

variables. For example, let B denote a formula and let Γ and Γ ′ denote col-lections of formulas. Considering what it means to match the expression B, Γ ′

and Γ ′, Γ ′′ to a given collection, which we assume to contain n ≥ 0 formulas.If the given collection is a list, then B,Γ ′ matches if the list is non-empty

and B is the first formula and Γ ′ is the remaining list. The expression Γ ′, Γ ′′

matches if Γ ′ is some prefix and Γ ′′ is the remaining suffix of that list: thereare n + 1 possible matches.

If the given collection is a multiset then B, Γ ′ matches if the multiset isnon-empty and B is a formula in the multiset and Γ ′ is the multiset resultingin deleting one occurrence of B. The expression Γ ′, Γ ′′ matches if the multisetunion of Γ ′ and Γ ′′ is Γ : there can be as many as 2n possible matches sinceeach member of Γ can be placed in either Γ ′ or Γ ′′.

If the given collection is a set then B,Γ ′ matches if the set is non-emptyand B is a formula in the set and Γ ′ is either the given set or the set resultingfrom removing B from the set. The expression Γ ′, Γ ′′ matches if the set unionof Γ ′ and Γ ′′ is Γ : there can be as many as 3n possible matches, since eachmember of Γ can be placed in either Γ ′ or Γ ′′ or in both.

2.6 Inference rules

Inference rules will have a single sequent as a conclusion and zero or moresequents as premises. Of the numerous inference rules used in present varioussequent calculus, three board classes of rules can be identified. These are thestructural rules, the identity rules, and the introduction rules.

Since sequents describe relationships among formulas, the natural of acontext in which a formula is located is an important element of that for-mula’s meaning and role in proof. In order to analyze in detail the interplaybetween a formula and its context, it is sometimes desirable to not hide thestructural differences between lists, multisets, and sets within some equalitytheory for the constructors of such collections, as described in the precedingsection. Instead, one might assume that inference rules are used to permuteitems in a context or to replace two occurrences of the same formula withone occurrences. There are three common structural rules, called exchange,contraction, and weakening and they are illustrated in Figure 2.2 in both leftand right side versions.

The exchange rules, xL and xR, can be used on lists to exchange any twoconsecutive elements: this structural rule does not modify a multisets or setscontext. The contraction rules, cL and cR, can be used on lists and multisetsto replace two occurrences of the same formula with one occurrence: thisstructural rule does not modify sets context (hence, it does not seem sensibleto use an explicit contraction rule when the context is a set). The weakeningrules, wL and wR, can be used to insert a formula into a context. If usedwith a list, these rule inserts the new occurrence only at the end of context:

2.6 Inference rules 11

it is simple to write a version of the weakening rules that allow for insertinga formula into any position of the list.

Σ: Γ ′, B, C, Γ ′′ − ∆

Σ: Γ ′, C, B, Γ ′′ − ∆xL

Σ: Γ − ∆′, B, C, ∆′′

Σ: Γ − ∆′, C, B, ∆′′ xR

Σ: Γ, B, B − ∆

Σ: Γ, B − ∆cL

Σ: Γ − ∆, B, B

Σ: Γ − ∆, BcR

Σ: Γ − ∆Σ: Γ, B − ∆

wLΣ: Γ − ∆

Σ: Γ − ∆, BwR

Fig. 2.2. Structural rules.

Exercise 5. Let ∆′ be a permutation of the list ∆. Show that a sequence ofxR rules can transform the sequent Σ:Γ − ∆ into the sequent Σ: Γ − ∆′.

The group of identity rules generally contains the initial and the cut rules,examples of which are displayed in Figure 2.3. Whereas the structural rulesimply properties of the contexts used in forming sequents, the cut and initialrules explain the meaning of the sequent symbol −. In particular, these tworules can be seen as stating that − is reflexive and transitive. It is possibleto see these two rules as describing dual aspects of −, although this is easierto see when more declarative presentations of sequent calculus is are used.Notice also that these rules contain repeated occurrences of schema variables:in the initial rule, the variable B is repeated in the conclusion and in the cutrule, the variable B is repeated in the premise.

It might be natural to refer to an inference rule with zero premises as an“axiom”. We shall not do this here since the term “axiom” usually refers toa formula that is accepted as starting point. Since sequents are not formulas,we use other names for such starting points of sequent calculus proofs.

Σ: B − Binit

Σ: Γ1 − ∆1, B Σ: B, Γ2 − ∆2

Σ: Γ1, Γ2 − ∆1, ∆2cut

Fig. 2.3. Example of the identity rules: initial and cut.

When an inference rule has two premises, there are two general and nat-ural ways to relate the contexts in the two premises with the context in theconclusion. An inference rules is multiplicative if contexts in the premises aremerged to form the context in the conclusion. The cut rule illustrated aboveis an example of a multiplicative rule. A rule is additive if the contexts forboth premises and the conclusion are equal. An additive version of the cutinference rule can be written as

12 2 Preliminaries

Σ: Γ − ∆,B Σ: B,Γ − ∆

Σ: Γ − ∆

The final group of inference rules that we highlight here are the intro-duction rules, so called because they introduce one occurrence of a logicalconnective into the conclusion of the inference rule. Usually, a logical con-nective is introduced two ways. If the sequents employed are two-sided, thenthere is usually a left-introduction rule that introduces the new occurrence ofthe connective into a context on the left and a right-introduction rule thatintroduces the new occurrence of the connective into a context on the rightof the −. If the sequent is one-sided, then the corresponding left-introductionrule is usually replaced by a right-introduction for the connective that is its deMorgan dual (if it has one). Figure 2.4 presents a few examples of introductionrules for some logical connectives.

Σ: B, Γ − ∆

Σ: B ∧ C, Γ − ∆∧L

Σ: C, Γ − ∆

Σ: B ∧ C, Γ − ∆∧L

Σ: Γ − ∆, B Σ: Γ − ∆, C

Σ: Γ − ∆, B ∧ C∧R

Σ: Γ1 − ∆1, B Σ: C, Γ2 − ∆2

Σ: B ⊃ C, Γ1, Γ2 − ∆1, ∆2⊃L

Σ: B, Γ − ∆, C

Σ: Γ − ∆, B ⊃ C⊃R

Σ −− t: τ Σ: Γ, B[t/x] − ∆

Σ: Γ, ∀τx B − ∆∀L

Σ, y: τ : Γ − ∆, B[y/x]

Σ: Γ − ∆, ∀τx B∀R

Fig. 2.4. Examples of left and right introduction rules.

Notice that conjunction is given two left introduction rules and one rightintroduction rules: this last rule is an example of an additive inference rule.Implication is given one left and one right introduction rule: the left introduc-tion rule is an example of a multiplicative rule.

The signature Σ plays a direct role in the specification of the quantifierrules. In particular, the introduction of the universal quantifier ∀ in the leftuses the signature to determine which are appropriate substitution terms forthe quantifier. The right introduction rule for ∀ changes the signature fromΣ ∪ {c: τ} above the line to Σ below the line. Notice that if we were to thinkof signatures as lists of pairs containing distinct variable names, then we mustmaintain that the symbol y is not free in any formula in the conclusion of therule. If we think of signatures as binding structures within a sequent, thenwe view the ∀R as specifying that a sequent-level binding (namely, for y) canmove to a formula-level binding (namely, for x). Such a sequent-level boundvariable is generally called an eigenvariable. By viewing quantifiers as bindingsin formulas and signatures as binders for sequents, then the inference rule ∀Ressentially effects the mobility of a binder: reading this proof down, a bindermoves from the sequent level (the binder for y) to the formula level (the binder

2.7 Sequent calculus proofs 13

for x). At no point is the binder replaced with a “free variable”. Of course,this movement of the binder is only allowed if no occurrences of the boundvariable above the line are unbound below the line: thus all occurrences of yin the upper sequent must appear in the displayed occurrence of B[y/x].

The premise Σ −− t: τ for the ∀L rule should actually be written as Σ ∪ΣC ∪ΣL −− t: τ where ΣL and ΣC are the signatures for the logical and non-logical constants, respectively. We shall choose to write this condition withthe smaller signature for convenience. Also, one has the choice whether or notthis typing judgment is used as a formal part of the proof (hence, the proofof the typing judgment is a subproof of a proof of the conclusion to this rule)or as a side condition, namely, the requirement that premise is provable (inthis case, the proof of that fact is not incorporated into the sequent proof).

Exercise 6. Write the multiplicative version of the ∧R rule and the additiveversion of the ⊃L rule. Assume that both the left and right side contexts aremultisets. Show that additive and multiplicative rules can be derived fromone another if weakening and contraction structural rules are used.

2.7 Sequent calculus proofs

Derivations and proofs will not formally be encoded as untyped λ-expressions(as introduced in Section 2.1). This is largely because at the level of proof thenature of abstraction does not need to play an important role and, hence, weshall make use the simpler notion of labeled trees to represent these structures.This choice is in contrast to the usual Curry-Howard Isomorphism approach toencoding natural deduction proofs as (typed) λ-expressions. The vocabularyassociated to labeled trees (subtree, leaf, etc) seems a bit more natural herethan that for terms (sub-term, free variable, etc).

Assume that a signature of logical constant ΣL is given and that a collec-tion of inference rules are specified. Let S be a sequent.

Derivations and proofs will be represented by finite trees with labelednodes and edges, containing at least one edge. Nodes are labeled by occur-rences of inference rules or by two improper rules, open and root. All treescontain exactly one node labeled root, called the root node. Let N be anothernode in the tree. The edge leading from N to the root node is called its out-arcwhile the other n ≥ 0 arcs terminating at N are called its in-arcs: in this case,n is the in-degree of the node N . If N is labeled with open, then N must havezero in-arcs. If N is labeled by an occurrence of a proper inference rule, theout-arc must be labeled with the conclusion of the inference rule occurrenceand the in-arcs must be labeled with the premise sequents. Of course, sequentlabels are determined to be equal using the rules of λ-expression.

A derivation for S is such a labeled tree in which the in-arc to the rootis labeled with S. The smallest derivation for S is a tree with two nodes, onelabeled with root and one labeled with open and with the edge between them

14 2 Preliminaries

labeled with S. A derivation for S without any nodes labeled open is a proof ofS. In these cases, the sequent S is also called the endsequent of the derivationor the proof.

When we write derivation trees: leaves with no line over them are takenas ending in an open node. If there is a line, then we assume that there arezero premises: in other words, the tree ends with a proper inference rule thathas an in-degree of zero.

Given a particular sequent calculus proof system, say X , we shall writeΣ: Γ `X ∆ to denote the fact that the sequent Σ:Γ − ∆ has a proof in X .If Σ is empty, we write just Γ `X ∆. If Γ is also empty, we write `X ∆. Ifthe proof system is assumed, the subscript X is not written. Thus, ` ∆ willmean the sequent ·: · − ∆ is provable.

Exercise 7. Let Ξ be a sequent calculus proof containing just cut and initialinference rules. Show that all cuts can be removed to yield a proof of the sameendsequent. Describe what can be proved using only initial and cut.

2.8 Permutations of inference rules

An important aspect of the structure of a sequent calculus proof system is theway in which inference rules permute or do not permute.

Assume that the following three inference rules are part of the presentationof a logic. Here, the left and right hand contexts are assumed to be multisets.

Σ:Γ1 − ∆1, B Σ: C, Γ2 − ∆2

Σ:B ⊃ C, Γ1, Γ2 − ∆1,∆2⊃L

Σ:B, Γ − ∆,C

Σ: Γ − ∆,B ⊃ C⊃R

Σ:B, Γ − ∆ Σ: C, Γ − ∆

Σ: B ∨ C, Γ − ∆∨L

Notice that the ⊃L rule is given in its multiplicative form and the ∨L rule isgiven in its additive form. Now consider the following small derivation.

Σ: Γ, p, r − s,∆ Σ:Γ, q, r − s,∆

Σ: Γ, p ∨ q, r − s,∆∨L

Σ:Γ, p ∨ q − r ⊃ s,∆⊃R

Here, implication is introduced on the right below a left introduction of adisjunction. This order of introduction can be switched, as we see in thefollowing combination of inference rules.

Σ: Γ, p, r − s,∆

Σ: Γ, p − r ⊃ s, ∆⊃R

Σ: Γ, q, r − s,∆

Σ:Γ, q − r ⊃ s,∆⊃R

Σ: Γ, p ∨ q − r ⊃ s,∆∨L

Notice that in this latter proof, we need to have two occurrences of the rightintroduction of implication.

2.9 Cut-elimination and its consequences 15

Sometimes inference rules can be permuted if additional structural rulesare employed. Consider the following derivation containing two inference rules.

Σ: Γ1, r − ∆1, p Σ: Γ2, q − ∆2, s

Σ:Γ1, Γ2, p ⊃ q, r − ∆1,∆2, s⊃L

Σ: Γ1, Γ2, p ⊃ q − ∆1,∆2, r ⊃ s⊃R

To switch the order of these two inference rules requires introduction someweakenings and a contraction.

Σ:Γ1, r − ∆1, p

Σ: Γ1, r − ∆1, p, swR

Σ: Γ1 − ∆1, p, r ⊃ s⊃R

Σ: Γ2, q − ∆2, s

Σ: Γ2, q, r − ∆2, swL

Σ:Γ2, q − ∆2, r ⊃ s⊃R

Σ: Γ1, Γ2, p ⊃ q − ∆1,∆2, r ⊃ s, r ⊃ s⊃L

Σ:Γ1, Γ2, p ⊃ q − ∆1, ∆2, r ⊃ scR

If these additional structural rules are not available, then the original twoinference rules cannot be permuted.

As we encounter inference rules for specific logics later, we will first observewhat pairs of inference rules are permutable. Such information is central tothe proof of cut-elimination as well as to the establishment of normal formsof proofs used to understand the nature of proof search.

2.9 Cut-elimination and its consequences

For most of the sequent proof systems we consider, the cut-elimination theo-rem holds: that is, a sequent has a proof if and only if it has a cut-free proof(a proof with no occurrences of the cut rule). This central theorem of sequentcalculus proof systems has a number of consequences, some of which we listhere.

The consistency of a logic is a simple consequence of cut-elimination. Inparticular, assume that the sequent · −⊥ has a proof. Since it has a cut-free proof, that proof must end in a structural rule (since there is usually nointroduction rule for ⊥ on the right). But the structural rules do not yield aprovable sequent, so ⊥ has no proof. In this case, what is explicitly ruled outby not having the cut rule is the possibility that there is some formula B suchthat B and ¬B are provable: that is, that the sequents · − B and B −⊥ areprovable.

The success of proving the cut-elimination theorem also signals that certainaspects of the logic’s proof system were well designed in the sense that whatthe left-hand rule says about a logical connective is complementary to whatthe right hand rule says about the same logical connective.

When formulas involve only first-order quantification, a formula occurringin a sequent in a cut-free proof is always a subformula of some formula ofthe endsequent. This is the so-called subformula property of cut-free proofs.

16 2 Preliminaries

When searching for a proof, one needs only to choose and rearrange subfor-mulas (which also means choosing instantiations of quantified expressions) inbuilding a proof. In the higher-order setting, instantiating a predicate vari-able can result in larger formulas: thus, there is not a simple and meaningfulnotion of subformula property. Even in the higher-order setting, however, thecut elimination theorem can offer many useful structural properties aboutprovability.

If one is attempting to prove theorems that might be mathematically in-teresting, one discovers that cut (also called modus ponens) actually serves asthe main inference rule: it is a common activity when doing mathematicallymotivated proofs to state lemmas and invariants that are not simply subfor-mulas of one’s intended theorem and then to link them together by a chain ofmodus ponens. Eliminating cut in such a proof would necessarily yield a hugeand low-level proof where all lemmas are “in-lined” and reproved at everyinstance of their use.

As we have seen, the fact that cuts can be eliminated from proofs is an im-portant property of a proof system since it can imply that logic’s consistency,for example.

Cut-free proofs can be huge objects. For example, if one uses the numberof nodes in a proof as a measure of its size, there are cases where cut-freeproofs are hyperexponentially bigger than proofs allowing cut. Thus, sequentswith proof of rather small size can have cut-free proofs that require moreinference rules than atomic particles in the universe. It is almost certainlythe case that if a cut-free proof is actually computed and stored in somecomputer memory, the thing that that proof proves is almost certainly notmathematically interesting. This observation does not disturb us here since weare not interested in cut-free proofs as ways of describing computation tracesonly. For us, cut-free proofs are more akin to Turing machines configurations:that is, they provide a low-level and detailed history of a computation.

Recording a computation as a cut-free proof can be superior to, say, record-ing Turing machine configurations since proofs can be reasoned with in ratherdeep ways. For example, assume that we have a cut-free proof of the two-sidedsequent P − G for some logic, say, X . As we shall see, in many approaches toproof search, it is natural to identify the left-hand context P to specificationof a (logic) program and G as the goal or query to be established. A cut-freeproof of such a sequent is then a trace that this goal can be established fromthis program. Now assume that we can prove P ′ `+ P where P ′ is some otherlogic program and `+ is provability in X+ which is some strengthening of Xin which, say, induction and/or co-induction principles are added (as well ascut). If the stronger logic satisfies cut-elimination, then we know that P ′ − Ghas a cut-free proof in the stronger logic X+. If things have been organizedwell, it can then become a simple matter to see that cut-free proofs of suchsequents do not, in fact, make use of the stronger proof principles, and, hence,P − G has a cut-free proof in X . Thus, using cut-elimination, we have beenable to move from a mathematical proof about programs P and P ′ imme-

2.10 Additional readings 17

diately to the conclusion that whatever goals can be established for P canbe established for P ′. Clearly, the ability to do this kind of direct, logicallyprincipled reason about programs and their computations should be a centralstrength of the proof search paradigm for computing.

2.10 Additional readings

Texts for the lambda-calculus: Barendregt, Krivine, ...The use of untyped λ-expressions is similar to the so-called “Curry-style”

of typed λ-terms: bound variables are not assumed globally to have types butare provided a type when they are initially bound. This is in contrast to theChurch-style approach where variables have types independently of whetheror not they are bound.

In [Kle52], Kleene presents a detailed analysis of permutability of inferencerules for classical and intuitionistic sequent systems similar to those presentedhere.

Proofs of cut-elimination theorem can be found in various places. Theoriginal proof due to Gentzen [Gen69] is still quite readable. See also [Gal86,GTL89]. Constructive proofs can be given and these result in procedures thatcan take a proof and systematically remove cut rules.

The duality of the initial and cut rules is easily seen when one considerstheir presentation in the Calculus of Structures [Gug07] or when using linearlogic as a meta-logic for sequent calculus [MP02, MP04]. In both of thesecases, the formal dual of one of these inference rules is the other.

3

Classical and Intuitionistic Logics

3.1 First-order formulas

Formulas in both classical and intuitionistic first-order logic make use of thesame set of logical connectives, namely, ∧ (conjunction), ∨ (disjunction), ⊃(implication), > (truth), ⊥ (absurdity), ∀τ (universal quantification over typeτ), and ∃τ (existential quantification over type τ). The negation of B, written¬B, is an abbreviation for the formula B ⊃⊥. The logical constants have typeo, the binary constants have type o → o → o, and the quantifiers ∀τ and ∃τ

have type (τ → o) → o.We define clausal order of formulas using the following recursion on first-

order formulas.

clausal(A) = 0 provided A is atomic, >, or ⊥clausal(B1 ∧B2) = max(clausal(B1), clausal(B2))clausal(B1 ∨B2) = max(clausal(B1), clausal(B2))clausal(B1 ⊃ B2) = max(clausal(B1) + 1, clausal(B2))

clausal(∀x.B) = clausal(B)clausal(∃x.B) = clausal(B)

This measure counts the number of times implications are nested to the leftof implications. In particular, clausal(¬B) = clausal(B)+1. The clausal orderof a finite set or multiset of formulas is the maximum clausal order of anyformula in that set or multiset.

The polarity of a subformula occurrence within a formula is defined asfollows. If a subformula C of B occurs to the left of an even number of oc-currences of implications in B, then C is a positive subformula occurrence ofB. On the other hand, if a subformula C occurs to the left of an odd numberof occurrences of implication in a formula B, then C is a negative subformulaoccurrence of B. More formally:

• B is a positive subformula occurrence of B.

20 3 Classical and Intuitionistic Logics

• If C is a positive subformula occurrence of B then C is a positive subfor-mula occurrence in B ∧ B′, B′ ∧ B, B ∨ B′, B′ ∨ B, B′ ⊃ B, ∀τx.B, and∃τx.B; C is also a negative subformula occurrence in B ⊃ B′.

• If C is a negative subformula occurrence of B then C is a negative subfor-mula occurrence in B ∧ B′, B′ ∧ B, B ∨ B′, B′ ∨ B, B′ ⊃ B, ∀τx.B, and∃τx.B; C is also a positive subformula occurrence in B ⊃ B′.

Signatures are used to introduce both non-logical constants and variables:the difference between a constant and variable is determined by their use:variables are tokens that can vary (by being instantiated by terms) whileconstants are tokens that do not vary.

3.2 Inference rules

To provide a modular presentation of provability in classical and intuitionisticlogics, we shall use sequents of the form Σ:∆ − Γ , where ∆ is a set of formulasand Γ is a multiset of formulas.

The rules for introducing the logical connectives are presented in Fig-ure 3.1, the identity rules are given in Figure 3.2, and the structural rules aregiven in Figure 3.3. Since the left-hand side of sequents are sets, no left-handside structural rules need to be presented.

Of the four inference rules with two premises,⊃L and cut are multiplicativerules while ∧R and ∨L are additive.

Provability in classical logic is given using the notion of a C-proof, whichis any proof using inference rules in Figures 3.1, 3.2, and 3.3. Since bothright structural rules are admitted in C-proofs, it is possible to give anotherpresentation of classical logic in which both the left and right of the sequentare sets. Provability in intuitionistic logic is given using the notion of a I-proof,which is any C-proof in which the right-hand side of all sequents contain either0 or 1 formula.

Let Σ be a given first-order signature over S, let ∆ be a finite set of Σ-formulas, and let B be a Σ-formula. We write Σ;∆ `C B and Σ; ∆ `I B ifthe sequent Σ: ∆ − B has, respectively, a C-proof or an I-proof.

Proposition 3.1 If Σ: ∆ − Γ has an I-proof then that proof does not containoccurrences of cR and only occurrences of wR of the form

Σ:Γ −Σ:Γ − B

The notion of provability defined here is not equivalent to the more usualpresentations of classical and intuitionistic logic [Fit69, Gen69, Pra65, Tro73]in which signatures are not made explicit and substitution terms (the termsused in ∀L and ∃R) are not constrained to be taken from such signatures. Themain reason they are not equivalent is illustrated by the following example.Let S be the set {i, o} and consider the sequent

3.2 Inference rules 21

Σ: B, Γ − ∆

Σ: B ∧ C, Γ − ∆∧L

Σ: C, Γ − ∆

Σ: B ∧ C, Γ − ∆∧L

Σ: Γ − ∆, B Σ: Γ − ∆, C

Σ: Γ − ∆, B ∧ C∧R

Σ: B, Γ − ∆ Σ: C, Γ − ∆

Σ: B ∨ C, Γ − ∆∨L

Σ: Γ − ∆, B

Σ: Γ − ∆, B ∨ C∨R

Σ: Γ − ∆, C

Σ: Γ − ∆, B ∨ C∨R

Σ: Γ1 − ∆1, B Σ: C, Γ2 − ∆2

Σ: B ⊃ C, Γ1, Γ2 − ∆1, ∆2⊃L

Σ: B, Γ − ∆, C

Σ: Γ − ∆, B ⊃ C⊃R

Σ: Γ, B[t/x] − ∆

Σ: Γ, ∀τx B − ∆∀L

Σ, c: τ : Γ − ∆, B[c/x]

Σ: Γ − ∆, ∀τx B∀R

Σ, c: τ : Γ, B[c/x] − ∆

Σ: Γ, ∃τx B − ∆∃L

Σ: Γ − ∆, B[t/x]

Σ: Γ − ∆, ∃τx B∃R

Σ: Γ,⊥− ⊥LΣ: Γ − > >R

Fig. 3.1. Introduction rules.

Σ: Γ, B − Binit

Σ: Γ − ∆1, B Σ: B, Γ − ∆2

Σ: Γ − ∆1, ∆2cut

Fig. 3.2. Identity rules.

Σ: Γ − ∆Σ: Γ − ∆, B

wRΣ: Γ − ∆, B, B

Σ: Γ − ∆, BcR

Fig. 3.3. Structural rules for the right-hand side only.

{p: i → o}: ∀ix (px) − ∃ix (px).

This sequent has no proof even though ∃ix (px) follows from ∀ix (px) in thetraditional presentations of classical and intuitionistic logics. The reason forthis difference is that there are no {p: i → o}-terms of type i: that is, the type iis empty in this signature. Thus we need an additional definition: the signatureΣ inhabits the set of primitive types S if for every τ ∈ S different than o,there is a Σ-term of type τ . When Σ inhabits S, the notions of provabilitydefined above coincide with the more traditional presentations.

Exercise 8. Provide proofs for each of the following sequents. Provide a C-proof only if there is no I-proof. Assume that the signature for non-logicalconstants is {p: o, q: o, r: i → o, s: i → i → o, a: i, b: i}.1. p ∧ (p ⊃ q) ∧ (p ∧ q ⊃ r) ⊃ r


2. (p ⊃ q) ⊃ (¬q ⊃ ¬p)3. (¬q ⊃ ¬p) ⊃ (p ⊃ q)4. p ∨ (p ⊃ q)5. (r a ∧ r b ⊃ q) ⊃ ∃x(r x ⊃ q)6. ((p ⊃ q) ⊃ p) ⊃ p7. ∃y∀x(r x ⊃ r y)8. ∀x∀y(s x y) ⊃ ∀z(s z z)

Exercise 9. A formula of the form B ∨ ¬B is an example of an excludedmiddle: B is either true or false, and any third possibility is excluded. Clearlythere is a simple C-proof for any formula of this kind. Take the formulas inExercise 8 which have C-proofs but no I-proof and reorganized them intoI-proofs in which appropriate instances of an excluded middle formula areadded to the left-hand context. For example, show that the formula

(r a ∨ ¬r a) ⊃ (r a ∧ r b ⊃ q) ⊃ ∃x(r x ⊃ q)

has an I-proof. Of course, to remove this additional assumption, cut with aC-proof is needed.

Exercise 10. Assume that the set of sorts S contains the two tokens i and jand that the only non-logical constant is f : i → j. In particular, assume thatthere are no constants of type i declared in the non-logical signature. Is therean I-proof of

(∃jx>) ∨ (∀iy∃jx>).

Under the same assumption, does the formula

(∃jx>) ∨ (∀ix ⊥)

have a C-proof? An I-proof? Compare the issue of provability for this formulawith the one in Exercise 8(4).

Exercise 11. The multiplicative version of ∧R would be the inference rule

Σ : Γ1 − B,∆1 Σ : Γ2 − C,∆2

Σ : Γ1, Γ2 − B ∧ C, ∆1,∆2

.

Show that a sequent is has an C-proof (resp. I-proof) if and only if it has one ina proof system that results from replacing ∧R with the multiplicative version.Show the same but where ∨L is replaced with its multiplicative version

Σ : B,Γ1 − ∆1 Σ : C,Γ2 − ∆2

Σ : B ∨ C,Γ1, Γ2 − ∆1,∆2

.

Exercise 12. Consider adding the following rule

Σ: Γ − BΣ: Γ − C

Restart

3.3 The initial rule 23

to I-proofs along with the following proviso on how it is used in a proof: onthe path from an occurrence of this rule to the root of the proof, there is asequent that contains B in the succedent. Prove that a formula has a C-proofif and only if it has an I-proof with the Restart rule.

Exercise 13. Show that if we consider C-proofs, then all pairs of inferencerules for propositional connectives (i.e., excluding the quantifiers) permute.

Exercise 14. Not all pairs of quantification introduction rules permute.Present those pairs of inference rules that do not permute.

Exercise 15. Let A be an atomic formula. Describe all pairs of formulas〈B,C〉 where B and C are different members of the set

{A,¬A,¬¬A,¬¬¬A}

such that B − C has a C-proof. Make the same list such that B − C has anI-proof.

Exercise 16. Let Ξ be a proof of Σ: Γ − ∆ and let Γ ′ be a set of Σ-formulasand ∆′ be a multiset of Σ-formulas. Show that if Ξ is a C-proof, then theresult of adding Γ ′ to all antecedents of every sequent in Ξ and adding ∆′

to all succedents of every sequent in Ξ yields a C-proof of Σ: Γ, Γ ′ − ∆,∆′.Furthermore, if Ξ is also an I-proof and ∆′ is empty, then the resulting proofis an I-proof.

Exercise 17. Let Ξ be a C-proof (resp., I-proof) of Σ, x: Γ − ∆ and let tbe a Σ-term. The result of substituting t for the bound variable x in thissequent and all the bound variables corresponding to x is all other sequentsin Ξ yields a C-proof (resp., I-proof) Ξ ′ of the sequent Σ: Γ [t/x] − ∆[t/x].The arrangement of inference rules in Ξ and in Ξ ′ are the same.

3.3 The initial rule

An occurrence of the initial rule of the form Σ: Γ, B − B is an atomic initialif B is an atomic formula. In classical and intuitionistic logic, we can restrictthe initial rule to be atomic initial rules only.

Proposition 3.2 If a sequent has a C-proof (resp, an I-proof) then it has aC-proof (resp, an I-proof) in which all occurrence of the init rule are atomicinitial rules.

Proof. A simple induction on the structure of B shows that the sequentΣ: Γ,B − B can be proved by a cut-free proof involving only atomic ini-tial rules.


The fact that the initial rules involving non-atomic formulas can be re-placed by introduction rules and initial rules on subformulas is an importantproperty of logical connectives that we will always require. Essentially, thisproperty states that if subformulas are identified via the initial rule then itis possible to prove that composing those subformulas yields formulas alsoidentified.

In general, atomic initial rules cannot be removed from proofs. Atomsare built from non-logical constants, such as predicates and function systems,and their meaning comes from outside logic. In particular, it is via non-logicalsymbols and atomic formulas that we shall eventually specify logic programsfor the purpose of sorting list, representing transition systems, etc. Atomsprovide the plugs for the programmer to provide their own meaning.

Consider defining a third logic, usually called minimal logic, as follows: anM-proof is any I-proof in which the right-hand side of all sequents containsexactly one formula. We shall write Σ;∆ `M B if the sequent Σ:∆ − B hasan M-proof.

Exercise 18. Show that Proposition 3.2 does not hold for minimal logic (con-sider the sequent ⊥−⊥).

The reason for ⊥ to lose this important proof theoretic properties is thatweakening for ⊥ on the right is the proper treatment for ⊥ on the right. Asthe following exercise shows, ⊥ is not a real logical connective in minimallogic.

Exercise 19. Let q be a non-logical symbol of type o, let B be a formula, andlet B′ be the result of replacing all occurrences of q in B with ⊥. Show thatB is provable in intuitionistic logic if and only if B′ is provable in minimallogic.

3.4 The cut rule

The cut rule can also be restricted to atomic formulas in a manner similar tothat for restricting the initial rule to atomic formulas. For example, considera proof which contains the following cut with a conjunctive formula in whichthe two occurrences of that conjunction are immediately introduced in thetwo subproofs to cut.

Ξ1

Σ: Γ1 − A1, ∆1

Ξ2

Σ: Γ1 − A2, ∆1

Σ: Γ1 − A1 ∧A2,∆1∧R

Ξ3

Σ: Γ2, Ai − ∆2

Σ: Γ2, A1 ∧A2 − ∆2∧L

Σ: Γ1, Γ2 − ∆1,∆2cut

Here, i is either 1 or 2. This part of the proof can be changed locally to

3.4 The cut rule 25

Ξi

Σ: Γ1 − Ai,∆1

Ξ3

Σ:Γ2, Ai − ∆2

Σ: Γ1, Γ2 − ∆1,∆2cut

In the process of reorganizing the proof in this manner, one of the subproofsΞ1 and Ξ2 is discarded and the new occurrence of cut is on a subformula ofA1 ∧A2.

Consider a proof which contains the following cut with an implication inwhich the two occurrences of that implication are immediately introduced inthe two subproofs to cut.

Ξ1

Σ: Γ1, A1 − A2,∆1

Σ: Γ1 − A1 ⊃ A2,∆1⊃R

Ξ2

Σ:Γ2 − A1,∆2

Ξ3

Σ:Γ3, A2 − ∆3

Σ: Γ2, Γ3, A1 ⊃ A2 − ∆2,∆3⊃L

Σ: Γ1, Γ2, Γ3 − ∆1,∆2,∆3cut

This part of the proof can be changed locally to

Ξ2

Σ: Γ2 − A1, ∆2

Ξ1

Σ: Γ1, A1 − A2,∆1

Σ: Γ1, Γ2 − ∆1,∆2, A2cut Ξ3

Σ:Γ3, A2 − ∆3

Σ: Γ1, Γ2, Γ3 − ∆1,∆2,∆3cut

In the process of reorganizing the proof in this manner, the cut rule occurrencefor A1 ⊃ A2 is replaced by two instances of cut, where each cut is on thesubformula of A1 and A2.

Consider a proof that contains the following cut with > in which thepremise where > is on the right-hand side is proved with the >R.

Σ: Γ1 − >,∆1>R Ξ

Σ:Γ2,> − ∆2

Σ: Γ1, Γ2 − ∆1,∆2cut

This proof can be changed to remove this occurrence of cut entirely as follows.First, the proof Ξ of Σ:Γ2,> − ∆2 can be transformed to a proof Ξ ′ ofΣ: Γ2 − ∆2 by removing the occurrence of > in the endsequent and, hence,all the other occurrences of> that can be traced to that occurrence. As a resultof Exercise 16, Ξ ′ can be transformed to a proof Ξ ′′ of Σ: Γ1, Γ2 − ∆1,∆2.The proof Ξ ′′ contains one fewer instances of the cut-rule than the originaldisplayed proof above.

Consider a proof that contains the following cut with ∀ in which the twooccurrences of that quantifier are immediately introduced in the two subproofsto cut.

Ξ1

Σ, x: Γ1 − Bx, ∆1

Σ:Γ1 − ∀x.Bx, ∆1∀R

Ξ2

Σ: Γ2, Bt − ∆2

Σ: Γ2, ∀x.Bx − ∆2∀L

Σ: Γ1, Γ2 − ∆1,∆2cut


Here, t is a Σ-term. By Exercise 17, the proof Ξ1 of Σ, x: Γ1 − Bx,∆1 canbe transformed into a proof Ξ ′

1 of Σ: Γ1 − Bt, ∆1 (notice that x is not free inany formula of Γ1 and ∆1 nor in the abstraction B). The above instance ofcut can now be rewritten as

Ξ ′1

Σ:Γ1 − Bt,∆1

Ξ2

Σ:Γ2, Bt − ∆2

Σ: Γ1, Γ2 − ∆1,∆2cut

Exercise 20. Repeat the above rewriting of cut inference rules when the cutformula is ⊥, a disjunction, or an existential quantifier.

The above rewriting suggests that each of the logical connectives, in iso-lation, have been designed well. Each logical connective is given two senses:introduction on the right provides the means to prove a logical connective;introduction on the left provides the means to argue from a logical connec-tive as an assumption. The rewritings above provides a partial justificationthat these two means are describing the same connective. Of course, we areinterested to see if all cuts can be removed.

Theorem 1 (Cut-elimination). If a sequent has a C-proof (respectively,I-proof) then it has a cut-free C-proof (respectively, I-proof).

For the details of the proof, see, for example, [Gen69], [GTL89, Chapter13], [Gal86, Chapter 6].

Exercise 21. Define a new binary logical connective, say ¦, giving it the leftintroduction rules for ∧ but the right introduction rules for ∨. Can cut beeliminated from proofs involving ¦? Can init be restricted to only atomicformulas? Consider other mismatches as well.

3.5 Choices when doing proof search

Since we will be considering the use of proof search to support computation,we should look carefully at the many choices that are available in building aproof (in a bottom-up fashion) and look for possible means to reduce thosechoices for automation even if those choices make logic less amendable formathematical (i.e., not automated) proof. We characterize the many choicesin how one searches for proofs as follows.

• It is always possible to use the cut rule to prove any sequent. In that case,we need to produce a cut-formula (lemma) to be proved on one branchand to be used on the other.

• The structural rules of contractions and weakening can always be appliedto make additional copies of a formula or to remove formulas.

• There may be many non-atomic formulas in a sequent and we can generallyapply an introduction rule for every one of these formulas.

3.6 Dynamics and change during of proof search 27

• One can also see if a given sequent is initial.

Some of these choices produce sub-choices. For example, choosing the cutrule requires finding a cut-formula; choosing ∨R requires selecting a disjunct;choosing ∧L requires selecting a conjunct; choosing ∀L or ∃R requires knowinga term t to instantiate a quantifier, and using the ⊃L or cut rules requiresplitting the set Γ and multiset ∆ into pairs (for which there are exponentiallymany splits).

All this freedom in searching for proofs is not, however, needed, and greatlyreducing the sets of choices can still result in complete proof procedures. Manyof these choices can be dealt with as follows.

• Given the cut-elimination proof, we do not need to consider the cut ruleand the problem of selecting a cut-formula. Such a choice forces us tomove into a domain where proofs are more like computation traces thanwitnesses of mathematical arguments. But since our goal here is the spec-ification of computation, we shall generally live inside this choice.

• Often, structural rules can be built into inference rules. For example, weak-ening on the left is built into the init rule. Also, instead of attempting tosplit the context in the ⊃L rule, we can apply contraction to duplicate allthe formulas and then place one copy on the left branch and one copy onthe right branch. Equivalently, we can try to understand when the additiveversion of this rule can replace the multiplicative version, in which case,contexts are copied and not split.

• The problem of determining appropriate substitution terms in the ∀L and∃R rules is a serious problem whose solution falls outside our investigationshere. When systems based on proof search are implemented, they generallymake use of various techniques, such as employing the so-called “logicvariable” and unification to determine instantiation terms in a lazy fashion.Although such techniques are completely standard, we shall not discussthem here.

• The choices between which introduction rule to select can be structuredby first noticing that some introduction rules are invertible: that is, theirpremises are provable if and only if their conclusion is provable. Thus,applying such introduction rules does not lose completeness. While non-invertible introduction rules represent genuine choices in the search forproofs, some structure to how these rules are applied can also be described(see, for example, backchaining in Section 4.4).

3.6 Dynamics and change during of proof search

Within the proof search paradigm, changes to sequents during search repre-sents the dynamics of search. Thus it is important to understand what kindsof dynamics are supported by a given logic.


The following exercises illustrate to what extent sequents can changewithin classical and intuitionistic logics.

Exercise 22. Show that a cut-free C-proof Ξ of Σ: Γ − ∆ can be trans-formed into a proof Ξ ′ of the same sequent such that for every sequentΣ′: Γ ′ − ∆′ in Ξ ′, we have that Σ ⊆ Σ′, Γ ⊆ Γ ′, and ∆ ⊆ ∆′. (For thisexercise, assume that the initial sequents allowed for C-proofs are of the formΣ: Γ − ∆ where Γ ∩ ∆ is non-empty.) Furthermore, let n ≥ 0 and assumethat every formula in Γ is of clausal order n or less and every formula in ∆ isof clausal order n− 1 or less. Then we can also assume that the clausal orderof formulas in ∆′ are n− 1 or less and that Γ ′ is the set union of Γ and a setΓ ′′ and that the formulas in Γ ′′ have clausal orders of order n− 2 or less.

Exercise 23. Show that a cut-free I-proof Ξ of Σ: Γ − ∆ can be transformedinto a proof Ξ ′ of the same sequent such that for every sequent Σ′: Γ ′ − ∆′

in Ξ ′, we have that Σ ⊆ Σ′ and Γ ⊆ Γ ′. Furthermore, let n ≥ 0 and assumethat every formula in Γ is of clausal order n or less and every formula in ∆ isof clausal order n− 1 or less. Then we can also assume that the clausal orderof formulas in ∆′ are n− 1 or less and that Γ ′ is the set union of Γ and a setΓ ′′ and that the formulas in Γ ′′ have clausal orders of order n− 2 or less.

The dynamics of classical logic seems quite weak in the sense that contextsonly grow during proof search. No formulas are required to be forgotten ordropped. Since the semantics of classical logic are based on notions of “static”truth, this proof search characterization of classical logic seems appropriate.

Intuitionistic logic has a bit richer dynamics since the antecedents of se-quents can change significantly since only one formula is keep in the an-tecedent: contrary to classical logic, antecedent formulas cannot be copied(using cR) and restarted (Exercise 12). Thus, intuitionistic logic allows forgrowing antecedents and more complicated varying succedents. As we shallsee in the next chapter, if we are in a setting where goal-directed proof searchis complete, the dynamics of the succedent is reduced to the changing of oneatomic formula with another. Thus, most of this dynamics occurs within non-logical context; that is, the dynamics is captured by changes to the termswithin atomic formulas. Constraining such dynamics to non-logical contextsmeans that logical reasoning will provide little immediate help in reasoningabout computational dynamics.

4

Horn and hereditary Harrop formulas

4.1 Goal-directed search

One approach to modeling logic programming with sequent calculus involvesseeing logic programs as theories from which deductions are attempted andgoals (also called queries) are formulas whose entailment is attempted fromlogic programs. The state of an idealized interpreter can be represented as thetwo-sided sequent Σ:P − G, where Σ is the signature that declares currentset of eigenvariables, P is a set of Σ-formulas denoting a program, and G is aΣ-formula denoting the goal we wish to prove from P.

It also seems natural to also impose that computation should proceed inthe following fashion: when given the program P and a non-atomic goal G,then the proof should proceed in a fixed fashion to decompose the goal formulaG first and without regard to the program. Thus, the “search semantics” for alogical connective at the head of a goal is fixed by the logic and is independentof the program. It is only when attempting a proof of an atomic formula thatthe program is consulted so as to provide meaning for the non-logical predicateconstant at the head of that atom. In particular, the following are completelynatural reductions to attempts to prove a goal.

• Reduce an attempt to prove Σ:P − B1 ∧B2 to the attempts to prove thetwo sequents Σ:P − B1 and Σ:P − B2.

• Reduce an attempt to prove Σ:P − B1∨B2 to an attempt to prove eitherΣ:P − B1 or Σ:P − B2.

• Reduce an attempt to prove Σ:P − ∃τx.B to an attempt to prove Σ:P −B[t/x], for some Σ-term t of type τ .

• Reduce an attempt to prove Σ:P − B1 ⊃ B2 to an attempt to proveΣ:P, B1 − B2.

• Reduce an attempt to prove Σ:P − ∀τx.B to an attempt to proveΣ, c: τ :P − B[c/x], where c is token not in Σ.

• Attempting to prove Σ:P − > yields an immediate success.

30 4 Horn and hereditary Harrop formulas

Clearly, these reduction steps are the bottom-up readings of the right-introduction rules found in Figure 3.1. This suggests the following definitionto formalize the notion of goal-directed search: a cut-free I-proof is uniform ifevery occurrence of a sequent whose succedent contains a non-atomic formulais the conclusion of an inference figure that introduces its top-level connective.Searching for uniform proofs is now greatly restricted since building a uni-form proof means that one applies right-rules when the succedent has logicalconstants. We are not allowed to interleave choosing right and left introduc-tions rules. The definition of uniform proof provides no guidance or possiblerestrictions for applying left-introduction rules, although such guidance willsoon appear.

Exercise 24. Show that in a uniform proof, init inference rules are alwaysatomic and that a sequent is the conclusion of a left rule only if that sequenthas an atomic succedent.

There are provable sequents for which no uniform proof exists. For exam-ple, let the non-logical constants be {p : o, q : o, r : i → o, a : i, b : i} and letΣ be an signature. The sequents

Σ: (r a ∧ r b) ⊃ q − ∃ix(r x ⊃ q) and Σ:− p ∨ (p ⊃ q)

have C-proofs but no I-proofs, so clearly they have no uniform proofs. Thetwo sequents

Σ: p ∨ q − q ∨ p and Σ: ∃ix. r x − ∃ix. r x

have I-proofs but no uniform proofs.One way to define logic programming, at least from the point-of-view of

logical connectives and quantifiers, is to consider those collections of programsand goals for which uniform proofs are, in fact, complete. In particular, anabstract logic programming language is a triple 〈D,G,`〉 such that for all sig-natures Σ, for all finite sets P of Σ-formulas from D, and all Σ-formulas Gof G, we have ` Σ:P − G if and only if Σ:P − G has a uniform proof.

Both the definition of uniform proof and abstract logic programming lan-guage are restricted to I-proofs. We shall refer to this as the single-conclusionversion of these notions. Later we present a generalization of them to themultiple conclusion setting.

A theory ∆ is said to hold the disjunction property if the provability ofΣ: ∆ − B ∨ C implies the provability of either Σ: ∆ − B or Σ: ∆ − C. Atheory ∆ is said to hold the existence property if the provability of Σ: ∆ −∃τx. B implies the existence of a Σ-term t of type τ such that Σ:∆ − B[t/x] isprovable. Clearly, if uniform proofs are complete for a given theory and notionof provability, that theory has both the disjunctive and existential properties.In a sense, when uniform proofs are complete, these properties are satisfiedat all point in building a cut-free proof.

4.2 Horn clauses 31

4.2 Horn clauses

The first approaches to describing the structure of proofs using Horn clauseswere done using resolution refutations. In that setting, Horn clauses weregenerally defined as the universal closure of disjunctions of literals (atomicformulas or their negation) that contain at most one positive literal (an atomicformula). That is, a clause is a closed formula for the form

∀x1 . . . ∀xn[¬A1 ∨ · · · ∨ ¬Am ∨B1 ∨ · · · ∨Bp],

where n,m, p ≥ 0 and p ≤ 1 . If n = 0 then the quantifier prefix is notwritten and if m = p = 0 then the body of the clause is considered to be ⊥. Ifthe clause contained exactly one positive literal (p = 1), it is a positive Hornclause. If it contained no positive literal (p = 0), it is a negative Horn clause.

When we shift from the search for refutations to the search for sequentcalculus proofs, it is natural to shift the presentation of Horn clauses to oneof the following. Let τ be some member of S (primitive type) and let A be asyntactic variable ranging over atomic formulas. Consider the following three,separate and recursive definitions of the two syntactic categories of programclauses (definite clause) given by the syntactic variable D and goals given bythe syntactic variable G.

G ::= A | G ∧G

D ::= A | G ⊃ A | ∀τx D. (4.1)

Program clauses in this style presentation are formulas of the form

∀x1 . . . ∀xn(A1 ∧ · · · ∧Am ⊃ A0),

where we adopt the convention that if m = 0 then the implication is notwritten. A second, richer definition of these syntactic classes is the following.

G ::= > | A | G ∧G | G ∨G | ∃τx G

D ::= A | G ⊃ D | D ∧D | ∀τx D. (4.2)

Finally, a compact presentation of Horn clauses and goals is possible usingonly implication and universal quantification.

G ::= A

D ::= A | A ⊃ D | ∀τx D. (4.3)

This last definition describes a Horn clause as a formula built from impli-cations and universals such that to the left of an implication there are nooccurrences of logical connectives.

Definition (4.1) above corresponds closely to the definition of Horn clausesgiven using disjunction of literals. In this case, positive clauses correspond to


the D-formulas. Classical equivalences are needed (not intuitionistic equiva-lences). Negative clauses are not exactly negations of G formulas since suchG formulas are not allowed to have existential quantifiers (although allowingsuch existential quantifiers are allowable, as is done in (4.2).

Let D1 be the set of D-formulas and G1 be the set of G-formulas satisfyingthe recursion (4.2).

Exercise 25. Given any of the three presentations of Horn clauses and goalsabove, show that the clausal order (see Section 3.1) of a Horn goal is always0 and of a Horn clause is 0 or 1.

Exercise 26. Let D be a Horn clause using (4.2). Show that there is a set ∆of Horn clauses using description (4.1) or (4.3) such that D is equivalent tothe conjunction of formulas in D. Show that this rewriting might make theresulting conjunction exponentially larger than the original clause.

Exercise 27. Let Σ be a signature, let P be a set of Σ-formulas in D1, andlet G be a Σ-formula in G1. Let Ξ be a cut-free C-proof of Σ:P − G. Showthat every sequent in Ξ is of the form Σ:Γ − ∆ such that Γ is a subset ofD1 and ∆ is a subset of G1. Show also that the only inference rules that canappear in Ξ are cR, wR, init, ∀L, ∧L, ⊃L, ∧R, ∨R, ∃R, and >R.

Exercise 28. Prove that Horn clause programs are always consistent by prov-ing that for any signature Σ and any finite set of Horn clauses P, the sequentΣ:P − is not provable. Show that an I-proof of Σ:P − G for a Horn goal Gis also an M-proof.

We first show that in the Horn clause setting, classical provability is con-servative over intuitionistic logic.

Proposition 4.1 Let Σ be a signature, let P be a set of Σ-formulas in D1,and let G be a Σ-formula in G1. If Σ:P − G has a C-proof then it has anI-proof.

Proof. We actually show the following slightly stronger result: If Σ:P − Γhas a cut-free C-proof then there is a G ∈ Γ such that Σ:P − G has an I-proof. We prove this by contradiction. That is, assume that there is a sequentΣ:P − Γ that has a C-proof but for which there is no G ∈ Γ such thatΣ:P − G has an I-proof. Choose Ξ to be such a C-proof of minimal heightover all such sequents Σ:P − Γ .

Now consider the last inference rule of Ξ. Clearly, this rule is not anidentity rule since Ξ is cut-free and since init is an I-proof. It is also not astructural rule: if the last rule was either wR or cR then the premise sequenthas a C-proof and no formula on the right-hand side of that sequent has anassociated I-proof. But this contradicts the choice of Ξ as having minimalheight.

4.2 Horn clauses 33

Now consider all possible introduction rules that might be the last inferencerule in Ξ (these are enumerated in Exercise 27). If that last rule is ⊃L, thenΞ has the form

Σ:P1 − ∆1, G Σ: D,P2 − ∆2

Σ: G ⊃ D,P1,P2 − ∆1,∆2⊃L,

and there is no formula H ∈ ∆1 ∪∆2 such that Σ: G ⊃ D,P1,P2 − H has anI-proof. Since the premises have shorter C-proofs and since they are composedof Horn clauses on the left and Horn goals on the right, there must be a formulaH1 ∈ ∆1 ∪ {G} for which Σ:P1 − H1 has an I-proof and a formula H2 ∈ ∆2

for which Σ: D,P2 − H2 has an I-proof. In the case that H1 ∈ ∆1, the sequentcan be weakened to yield an I-proof of Σ: G ⊃ D,P1,P2 − H1 (Exercise 16),which is a contradiction. Thus, H1 is G and we have an I-proof of Σ:P1 − G.Putting together this I-proof with the one for Σ:D,P2 − H2 using ⊃L, wehave a I-proof of Σ: G ⊃ D,P1,P2 − H2, which is again a contradiction.

All the remaining cases of introduction rules can be treated in a similarfashion.

Notice that Exercise 28 is an immediate consequence of the proof of Propo-sition 4.1.

Proposition 4.2 Let Σ be a signature, let P be a set of Σ-formulas in D1,and let G be a Σ-formula in G1. If Σ:P − G has an C-proof then it has auniform proof.

Proof. By Proposition 4.1, if Σ:P − G has an C-proof, it has an I-proof. LetΞ be such an I-proof. By Proposition 3.2, we can also assume that the initialrules in Ξ are all atomic initial rules. If Ξ is not already a uniform proof, thenthere must be a left-introduction rule applied to a sequent with a non-atomicsuccedent. In this case, consider an occurrence of a left introduction rule thathas a non-atomic right-hand side and which has premises with minimal height.At least one of the premises must be a right-introduction rule (the case of wR isruled out by Exercise 28). Given the pairs of left and right introduction rulesare can appear in Ξ, it is easy to show that all pairs of right-introductionrules over left-introduction rules permute and that this process of permutingterminates. In this way, the proof Ξ can be converted into a uniform proof ofΣ:P − G.

The preceding propositions shows that the triple 〈D1,G1,`〉 is an abstractlogic programming if ` is taken to be `C , `I , or `M . That is, when dealingwith Horn clauses, there is no separation between these three logics. Anyoneof these three abstract logic programming languages will be called fohc (forfirst-order Horn clauses).

Note that fohc is a weak logic programming language in the proof theo-retic sense that there are few logical connectives for which the right and leftbehavior exist within uniform proofs. If we use the (4.2) presentation of Horn


clauses, then it is only atoms or conjunctions of atoms that are both goals andprogram clauses. All the other connectives are either dismissed (such as ⊥) orare restricted to just half their “meaning”: when a disjunction and existentialquantifier are encountered in proof search, only their right introduction rulesare needed and when implication and universal quantification are encountered,only their left introduction rules are needed.

4.3 Hereditary Harrop formulas

An extension to Horn clauses that allow implications and universal quantifiersin goals (and, thus, in the body of program clauses) is called the first-orderhereditary Harrop formulas. Proof search involving such formulas may involveleft and right introduction rules for implications and universal quantifiersas well as conjunctions (as in the Horn clause case). Parallel to the threepresentations of fohc in Section 4.2, there are the following three presentationsof goals and program clauses for first-order hereditary Harrop formulas.

G ::= A | G ∧G | D ⊃ G | ∀τx.G

D ::= A | G ⊃ A | ∀x.D (4.4)

The definitions of G- and D-formulas are mutually recursive and that a neg-ative (resp, positive) subformula of a G-formula is a D-formula (G-formula),and that a negative (positive) subformula of a D-formula is a G-formula (D-formula). A richer formulation is given by

G ::= > | A | G ∧G | G ∨G | ∃x.G | D ⊃ G | ∀x.G

D ::= A | G ⊃ D | D ∧D | ∀x.D (4.5)

When referring to first-order hereditary Harrop formulas and goals we shallassume this definition of formulas. We use D2 to denote the set of all suchD-formulas and G2 for the set of all G-formulas. A more compact presentationcan be given as

G ::= A | D ⊃ G | G ∧G | ∀x.G

D ::= A | G ⊃ D | D ∧D | ∀x.D (4.6)

In this presentation, D and G formulas are the same set of formula and thereis no need for a definition that allows for mutual recursion. Thus, hereditaryHarrop formulas are simply the logic of conjunction, implication, and uni-versal quantification. The propositions that we now present concerning proofsearch also tolerate the right-introduction rules for disjunction and existen-tial quantification (hence, presentation (4.5) is taken as the larger and officialpresentation of first-order hereditary Harrop formulas).

The triple 〈D2,G2,`C〉 is not an abstract logic programming language. Forexample, the formulas numbered 4, 5, 6, and 7 in Exercise 8 are hereditaryHarrop goals that have classical proofs but no uniform proof.

4.4 Backchaining 35

Exercise 29. Show that Peirce’s formula ((p ⊃ q) ⊃ p) ⊃ p (Exercise 8(6))is the smallest classical theorem (counting occurrences of logical connectives)that is composed only of implications and atomic formulas and which has nouniform proof.

Let fohh denote the triple 〈D2,G2,`I〉 or 〈D2,G2,`M 〉. The followingproposition shows that fohh is an abstract logic programming language.

Proposition 4.3 Let Σ be a signature, let P be a set of Σ-formulas in D2,and let G be a Σ-formula in G2. If Σ:P − G has an I-proof then it has auniform proof.

The proof of this proposition is essentially the same as the proof of Propo-sition 4.2.

Consider following class of first-order formulas given by

D := A | B ⊃ D | ∀x D | D1 ∧D2.

Here A ranges over atomic formulas and B over arbitrary first-order formulas.These D-formulas are known as Harrop formulas. Clearly hereditary Harropformulas are Harrop formulas.

Exercise 30. Consider the sequent Σ:P − B where P is a set of Harrop for-mulas and B is an arbitrary formula. Show that Harrop formulas are “uniformat the root”; that is, if B is non-atomic, then this sequent is intuitionisticallyprovable if and only if it has a I-proof that ends in a right-introduction rule.Are uniform proofs complete for such sequents?

4.4 Backchaining

The restriction to uniform proofs provides some structure on how to do rightrules: in the bottom-up search for proofs, right rules are attempted when-ever the antecedent is non-atomic and left-rules are attempted only whenthe succedent is atomic. We now present restrictions on the application ofleft-introduction rules which do not result in the loss of completeness.

Consider searching for a proof by applying the following instance of the⊃L inference rule

Σ:P − G Σ: D,P − A

Σ: G ⊃ D,P − A⊃L,

where A is an atomic formula. Applying this rule reduces an attempt to provethe atomic formula A from program P to attempting to prove two things, oneof which is still an attempt to prove A but this time from the (possibly) largerprogram P∪{D}. It would seem natural to expect this inference rule was usedbecause this new instance of D is “directly” useful in helping to solve A. Forexample, D could itself be A or some sequence of additional left-rules appliedto D might reduce it to an occurrence of A.


Σ:P D−−− AΣ:P − A

decideΣ:P A−−− A

init

Σ:P D1−−− A

Σ:P D1∧D2−−− A∧L

Σ:P D2−−− A

Σ:P D1∧D2−−− A∧L

Σ:P − G Σ:P D−−− A

Σ:P G⊃D−−− A⊃L

Σ:P D[t/x]−−− A

Σ:P ∀τ x.D−−− A∀L

Fig. 4.1. Rules for backchaining. In the decide rule, D is a member of P, and inthe ∀L rule, t is a Σ-term of type τ .

Exercise 31. There is an alternative to backchaining, which is often calledforwardchaining. That is, in the inference rule

Σ:P − G Σ: D,P − A

Σ: G ⊃ D,P − A⊃L,

the formula D is not restricted to be “immediately” used to prove A butrather that D is can be used with some other implication in P to derive A.Enumerate the different uniform proofs of the sequent

p, p ⊃ q, (p ∧ q) ⊃ r − r.

Which of these employ forwardchaining and which backwardchaining?

We can formalize a proof system where left introduction rules are usedin such a fashion via the inference rules present in Figure 4.1. To do so, weintroduce the new sequent arrow Σ:P D−−− A: the plan is that this sequentshould be provable if and only if the sequent Σ:P, D − A is provable. Theformula over the sequent arrow is the only one on which left-introductionrules may be applied. The decide rule is used to turn the attempt to prove anatomic formula via the standard two-sided sequent into an attempt to provethis new three-place sequent.

The sequent Σ:P − G or the sequent Σ:P D−−− A has an O-proof if ithas a proof using the right rules in Figure 3.1 and the rules in Figure 4.1.The notion Σ:P `O G denotes the proposition that the sequent Σ:P − Ghas an O-proof. We shall view this proof system as capturing a high-leveldescription of the operational semantics of logic programming in intuitionisticlogic. Proof search for an O-proof has three phases. The first phase is thegoal-reduction phase where right rules are used to find a proof of a non-atomicformula. The second phase is the decide rule in which some program clause Dfrom the logic program is selected: alternatives to this choice of selection maywell need to be investigated. The third phase is called backchaining and is afocused application of left-rules and init in which alternatives to the choice of

4.5 Dynamics of proof search for fohc 37

conjunction in the ∧L rule and the choice of term in the ∀L rule may need tobe considered.

Proposition 4.4 Let P be an fohh logic program and G an fohh goal. ThenΣ:P Ò G if and only if Σ:P Ì G.

Proof. This proof is done by permutation of inference rules. More details(meaning, the full inductive argument) should be added here. For now, see,for example [Mil89, Lemma 11], for a similar proof.

The following shows that the polarity of formulas and subformulas aremaintained within cut-free I-proofs.

Proposition 4.5 Let P be an fohh logic program and G an fohh goal and letΞ be a cut-free I-proof of Σ:P − G. If Σ′: Γ − B is a sequent in Ξ then Γis a fohh logic program and B is an fohh goal formula.

Let ∆ be a finite set of formulas. The set of pairs |∆|Σ is defined to be thesmallest set such that

• if D ∈ ∆ then 〈∅, D〉 ∈ |∆|Σ ,• if 〈Γ, D1 ∧D2〉 ∈ |∆|Σ then 〈Γ, D1〉 ∈ |∆|Σ and 〈Γ, D2〉 ∈ |∆|Σ ,• if 〈Γ, G ⊃ D〉 ∈ |∆|Σ then 〈Γ ∪ {G}, D〉 ∈ |∆|Σ , and• if 〈Γ, ∀τxD〉 ∈ |∆|Σ and t is a Σ-term of type τ then 〈Γ, D[t/x]〉 ∈ |∆|Σ .

Assuming that ∆ is a set of Σ-formulas that are also fohh program clauses,then whenever 〈Γ, D〉 ∈ |∆|Σ then D is a fohh program clause and Γ is afinite set of fohh goals.

By using this definition of |∆|Σ , it is possible to describe backchaining asa single inference rule instead of left-introduction rules. In particular, considerthe proof system O′ that contains the right-introduction rules in Figure 3.1and the following inference rule

{Σ: ∆ − G | G ∈ Γ}Σ: ∆ − A

BCprovided A is atomic and 〈Γ, A〉 ∈ |∆|Σ . If ∆is empty, then this rule has no premises.

The completeness of O′-proofs for intuitionistic provability in the contextof fohh is a simple consequence of the completeness of O-proofs (Proposi-tion 4.4).

Proposition 4.6 Let P be an fohh logic program and G an fohh goal. ThenΣ:P − G has an O′-proof if and only if Σ:P Ì G.

4.5 Dynamics of proof search for fohc

If P is an fohc program and G is an fohc goal, then there are no occurrencesof ⊃R or of ∀R in an O-proof of Σ:P − G. Thus, every sequent occurring


in such an O-proof has Σ as its signature and P as its left-hand side. Sincesignatures and programs (the left-hand of sequents) remain constant duringthe search for proofs in fohc, the logic program is global. During computation,if a program clause is every needed (via the decide rule), it must be presentat the beginning along with all other clauses that might be needed during thecomputation (proof search). Thus, the logic of fohc does not directly supporthierarchical programming in which certain programs are designed to be localto others or in which code is assembled in modules and certain modules are“visible” or not to other modules.

The only changeable part of a sequent during proof search is the right-hand side. Since goal reduction in fohc is invertible (when using definitions(4.1) or (4.3)), the computational significance of the goal is given by the atomsto which it decomposes. Thus, as computation progresses, the only essentialchange in proof search is with atoms appearing on the right of the sequent ar-row. Given that we allow first-order term and these can encode rich structures(such as natural numbers, lists, trees, Turing machine tapes, etc), it is easy tosee that proof search in fohc has sufficient dynamics to encode general com-putation. Unfortunately, all of that dynamics takes place within non-logicalcontents, namely, within atomic formulas. As a result, logical techniques foranalyzing computation via proof search have little direct impact on what canbe said directly about non-logical contexts. Thus, reasoning about propertiesof Horn clause programs will benefit little from logical and proof theoreticanalysis.

During a computation, all data structures that are built and representedusing first-order terms are built from the non-logical, fixed signature, and anyitems that appear in signature declaration for a given sequent. In the first-order Horn clause case, neither of these signatures change and as a result, alldata structures that need to be built during proof search must be available andequally “visible”. Thus, fohc does not directly support a hierarchical notionof data structures such as is provided in many programming languages viaabstract data types.

Thus computation using fohc is flat and supports no direct support forprogram-level abstractions: all the program clauses and every data type con-structor must be present in the initial, endsequent in order to be used duringcomputation. No abstractions or hiding mechanisms are available.

4.6 Examples of fohc logic programs

Figure 4.2 presents some examples of Horn clauses, along with two kindsof declarations. The syntax here is quite natural and follows the λPrologconventions. To declare members of the set of sorts S, the kind declaration isused: the expression

kind tok type.

4.6 Examples of fohc logic programs 39

kind nat type.

type z nat.

type s nat -> nat.

type sum nat -> nat -> nat -> o.

type leq, greater nat -> nat -> o.

sum z N N.

sum (s N) M (s P) :- sum N M P.

leq z N.

leq (s N) (s M) :- leq N M.

greater N M :- leq (s M) N.

Fig. 4.2. fohc programs specifying relations over natural numbers.

declares that tok is a token that is to be used as a primitive type. The ex-pressions

type tok <type expression>.

declares that the non-logical signature should contain the declaration of tokfor the associated type expression. Logic program clauses are the remainingentries. In such expressions, the infix symbol :- denotes the reverse of ⊃, asemicolon denotes a disjunctions, a comma (which binds tighter than :- andthe semicolon) denotes a conjunction of goal formulas while & denotes conjunc-tion for Horn clauses (in this setting, both symbols denote the same logicalconnective ∧). Tokens with initial capital letters are universally quantifiedwith scope around an individual clause (which is terminated by a period).

In Figure 4.2, the symbol nat is declared to be a primitive type and zand s are used to construct natural numbers via zero and successor. Thesymbol sum is declared to be relation of three natural numbers while thetwo symbols symbols leq and greater are declared to be binary relationson natural numbers. The following lines describe the meaning for these threepredicates. For example, if the sum predicate holds for the triple M , N , andP then N + M = P : this relation is described recursively using the facts that0+N = N and if N +M = P then (N +1)+M = (P +1). Similarly, relationsdescribing N ≤ M and N > M are also specified.

Similarly, Figure 4.3 introduces a primitive type for lists (of natural num-bers) and two constructors for lists, namely, the empty list constructor niland the non-empty list constructor, the infix symbol ::. The binary predicatesumup relates a list of natural numbers with the sum of those numbers. Thebinary predicate max relates a list of numbers with the largest number in thatlist. The predicate maxx is an auxiliary predicate used to help compute themax relation.

Exercise 32. Informally describe the predicates specified by Horn clauses inFigure 4.5.


kind list type.

type nil list.

type :: nat -> list -> list.

infixr :: 5.

type sumup, max list -> nat -> o.

type maxx list -> nat -> nat -> o.

sumup nil z.

sumup (N::L) S :- sumup L T, sum N T S.

max L M :- maxx L z M.

maxx nil A A.

maxx (X::L) A M :- leq X A, maxx L A M.

maxx (X::L) A M :- greater X A, maxx L X M.

Fig. 4.3. Specifications of some relation between natural numbers and lists.

kind node type.

type a, b, c, d, e, f node.

type adj, path node -> node -> o.

adj a b & adj b c & adj c d & adj a c & adj e f.

path X X.

path X Z :- adj X Y, path Y Z.

Fig. 4.4. Encoding the adjacency and path relations for a directed graph.

type memb nat -> list -> o.

type append list -> list -> list -> o.

memb X (X::L).

memb X (Y::L) :- memb X L.

append nil L L.

append (X::L) K (X::M) :- append L K M.

type sort list -> list -> o.

type split nat -> list -> list -> list -> o.

split X nil nil nil.

split X (A::L) (A::S) B :- leq A X, split X L S B.

split X (A::L) S (A::B) :- greater A X, split X L S B.

sort nil nil.

sort (X::L) S :- split X L Small Big, sort Small SmallS,

sort Big BigS, append SmallS (X::BigS) S.

Fig. 4.5. More examples of Horn clause programs.

4.8 Examples of fohh logic programs 41

Exercise 33. Take a standard definition of Turing machine and show how todefine an interpreter for a Turing machine in fohc. The specification shouldbe able to encode the fact that a given machine accepts a given word if andonly if some atomic formula is provable.

4.7 Dynamics of proof search for fohh

Proof search using fohh programs and goals is slightly more dynamic. In par-ticular, both logic programs and signatures can grow. In this setting, everysequent in an O-proof of the sequent Σ:P − G is either of the form

Σ, Σ′:P,P ′ − G′ or Σ,Σ′:P,P ′ D−−− A.

Thus, the signature can grown by the addition of Σ′ and the logic program cangrown by the addition of P ′ (a fohh program over Σ ∪ Σ′). More generally,it follows from Exercise 22 that if the clausal order of P is n ≥ 0 and theclausal order of G is at most n − 1, then the clausal order of P ′ is at mostn−2. Similarly, it is easy to see that Σ′ declares items only of primitive types(excluding o).

Since the terms used to instantiate quantifiers in the concluding sequentof the ∃R and ∀L inference rules range over the signature of that sequent,more terms are available for instantiation as proof search progresses. Theseadditional terms include the eigenvariables of the proof that are introducedby ∀R inference rules. Notice that once an eigenvariable is introduced, it isnot instantiated by the proof search process. As a result, eigenvariable do notactually vary and, hence, act as locally scoped constants.

Modular programming: Scope extrusion via multiple conclusions.

Exercise 34. If we allow the addition of new non-logical connectives to aprogram, then all fohh programs can be reduced to programs of order 2 orless. [Hint: the inner implication of a formula of order, say 3, can be “defined”equivalent to a new atomic formula using two way implications.]

Exercise 35. Define the core of an abstract logic programming language〈D,G,`〉 to be the intersection D ∩ G. What is the core of fohc? Of fohh?

4.8 Examples of fohh logic programs

One might describe a jar as sterile if every germ in it is dead. Consider provingthat if a given jar j is heated then that jar is sterile (given the fact that heatinga jar kills all germs in that jar). A specification of this using fohh is given inFigure 4.6.


kind jar, germ type.

type j jar.

type sterile, heated jar -> o.

type dead germ -> o.

type in germ -> jar -> o.

sterile Y :- pi x\ in x Y => dead x.

dead X :- heated Y, in X Y.

heated j.

Fig. 4.6. Heating a jar makes it sterile.

The expression pi x\ denotes universal quantification of the variable xwith scope that extends as far to the right as consistent with parentheses orthe end of the expression. The first of the clauses above could be written as

∀y(∀x(in x y ⊃ dead x) ⊃ sterile y)

Notice that no constructors for type germ are provided in Figure 4.6 and noexplicit assumptions about the binary predicate in is given. Their role in thisspecification is hypothetical.

Exercise 36. Construct the O-proof of goal formula (sterile j) from the logicprogram in Figure 4.6.

Notice that fohh allows for a simple notion of modular logic programming.For example, let classify, scanner, and misc name (possibly large) programclause have some role within a larger programming task (for example, scannermight contain code to convert a list of characters into a list of tokens prior toparsing, etc). The goal formula

misc ⊃ ((classify ⊃ G1) ∧ (scanner ⊃ G2) ∧G3)

Attempting a proof of this goal will cause attempts of the three goals G1, G2,and G3 to be attempted with respect to different programs: misc and classifyare used to prove G1; misc and scanner are used to prove G2; and misc is usedto prove G3. Thus, implicational goals can be used to structure the runtimeenvironment of a program. For example, the code present in classify is notavailable during the proof attempt of G2.

A specification for the binary predicate that relates a list with the reverseof that list can be given in fohc using the following program clauses:

reverse L K :- rev L nil K.rev nil L L.rev (X::M) N L :- rev M (X::N) L.

Here, reverse is a binary relation on lists and the auxiliary predicate revis a ternary relation on lists. By moving to fohh, it is possible to write thefollowing specification instead.

4.9 Limitation to fohc and fohh logic programs 43

reverse L K :- rv nil K => rv L nil.rv (X::M) N :- rv M (X::N).

Here, the auxiliary predicate rv is a binary predicate on lists. With this secondspecification, the use of non-logical context is slightly reduced in the sense thatthe atomic formula (rev M K L) in the first specification is encoded usingthe logical formula (rv [] L => rv M K) in the second specification. Noticethat the definition of reverse above has clausal order 2. It is possible to specifyreverse with a clause of order 3 as follows in which not only the base case forrv is assumed in the body of reverse but also the recursive case.

reverse L K :-(pi X\ pi M\ pi N\ rv (X::M) N :- rv M (X::N)) =>

rv nil K => rv L nil.

Exercise 37. Reversing a pile of papers L can informally be describing as:start by allocating an additional empty pile and then systematically movethe top member of the original pile to the top of the newly allocated pile.When the original pile is empty, the other list is the reverse. Using the lastspecification of reverse above, show where in the construction of a proof ofthe reverse relation the informal computation actually takes place.

4.9 Limitation to fohc and fohh logic programs

The following two meta-theorems help illustrate some limitations of codingin both fohc and fohh. The following two propositions can be compared tothe “Pumping Lemmas” for regular languages which help to circumscribe theexpressive power of such languages. The following is similar to the Exercise 16and implies that weakening is a property of I-proofs (even if weakening on theleft is not an explicit inference rule).

Proposition 4.7 If Σ:Γ Ì G and if Σ′ is an extension to the signature Σand Γ ′ is a set of Σ′-formulas, then Σ′: Γ ′ Ì G.

This proposition is proved by a simple induction on the structure of I-proofs. Use this Proposition to solve the following two exercises.

Exercise 38. Assume that the set or primitive types and the signature ofnon-logicals constants extend those in Figure 4.2. Also assume that a andmaxa are predicates of one argument of sort nat. Show that there is no fohhprogram P that satisfies the following specification: for every set k ≥ 1 and{n1, . . . , nk}, we have A,P Ì maxa n if and only if n is the maximum of theset {n1, . . . , nk} and A is the set of atomic formulas {a n1, . . . , a nk}.

As was illustrated in Figure 4.3, the maximum of a set of numbers canbe computed in fohc if that set of numbers is stored in a list and not in thelogical context as require by this exercise.


Exercise 39. Given the encoding of directed graphs as is illustrated in Fig-ure 4.4, show that it is not possible to specify in fohh a predicate that is trueof two nodes if and only if there is no path between them.

Another property of provable sequents is that one can substitute eigen-variables with terms and still have a provable sequent.

type subSome j -> i -> i -> i -> o.

subSome X T (c X) T.

subSome X T (c Y) (c Y).

subSome X T (f U) (f W) :- subSome X T U W.

subSome X T (g U V) (g W Y) :- subSome X T U W, subSome X T V Y.

Fig. 4.7. Substitution of some occurrences.

Proposition 4.8 Let τ be a primitive type and let t be a Σ-term of type τ .If x: τ,Σ: Γ `I G then Σ:Γ ′[t/x] `I G[t/x].

Notice that this proposition can be applied to non-logical constants ofprimitive types in the following sense. Consider a non-logical signature, Σ0,that contains the declaration that c: τ . Let Σ′

0 be the result of removing c: τfrom Σ. Then the sequent Σ:P − G is provable when the non-logical signatureis Σ0 if and only if the sequent c: τ,Σ:P − G is provable when the non-logicalsignature is Σ′

0, which (by the above proposition) implies that Σ:P[t/c] −G[t/c] holds for t a Σ ∪Σ′

0-term of type τ .To illustrate an application of Proposition 4.8, consider the following type

declarations, where i and j are primitive types.

c: j → i, f : i → i, g: i → i → i

Terms of type i exist only in contexts where constants or variables of typej are declared. Figure 4.7 contains a specification of predicate subSome suchthat (subSome x s t r) is provable if and only if r is the result of substitutingsome occurrences of x (actually, of (c x)) in t with s.

Exercise 40. Prove that it is not possible in fohh to write a specification ofsubAll such that (subAll x s t r) is provable if and only if r is the resultof substituting all occurrences of x in t with s. Notice that this specificationwould need to work in any extension of the non-logical signature (in particular,for extensions that contain additional constants of type j, which do not occurin the specification of subAll).

Exercise 41. Write a fohh specification of subOne such that the atom

(subOne x s t r)

4.9 Limitation to fohc and fohh logic programs 45

is provable if and only if r is the result of substituting exactly one occurrencesof x in t with s. One might thing that subAll can be specified using repeatedcalls to subOne. Given the previous exercise, this must not be possible. Explainwhy.

5

Proof Search in Linear Logic

The analysis of proof search provide in Chapter 4 has the following threesignificant problems.

First, that analysis does not extend to all of logic and not even all ofintuitionistic logic. As we have seen, uniform proofs and backchaining providean analysis proof search for the {>,∧,⊃, ∀} fragment of intuitionistic logicand not all of intuitionistic logic.

Second, the analysis did not extend to multiple conclusions sequents, whichis unfortunate since that setting allows for a rich notion of duality via liberaluse of negation and de Morgan dualities. As long as proof search is limitedto single-conclusion sequents, it will be difficult and indirect to make use ofthese dualities to reason about logic programs.

Third, the proof search dynamics for our richest logic programming lan-guage so far, fohh, is rather weak: the left-hand side can only grow duringproof search and while the right-hand side can change, those changes occurwithin atomic formula (non-logical context). Richer ways to change sequentsduring proof search should make logic programming more expressive and allowmore direct use of logic to reason about the computations specified.

As we shall see in this chapter, linear logic addresses all three of theselimitations.

5.1 Sequent calculus proof for linear logic

A proof system for linear logic is given in Figures 5.1 and 5.2. Notice thatthere are no structural rules that apply to all formulas: instead, left-rulesfor ! and the right rules for ? provide weakening and contraction only forformulas marked with those modals, and only one side of the sequent. Withoutstructural rules, the additive and multiplicative versions of connectives are notthe same. As a result, the classical or intuitionistic conjunction and disjunctionsplit into two different versions, as is illustrated by the following table.

48 5 Proof Search in Linear Logic

Classical Linear Additive Linear Multiplicative> > 1⊥ 0 ⊥∧ & ⊗∨ ⊕ .................................................

..............................................

Here, 1 is the identity for ⊗, > is the identity for &, ⊥ is the identity for ............................................................................................... ,

and 0 is the identity for ⊕. We have reused the classical > and ⊥ as linear logicconnectives for no reason other than typographic convenience. Similarly, weshall also reuse the ∀ and ∃ quantifiers in linear logic since they are essentiallythe same quantifiers of classical and intuitionistic logic. Similarly, negation iswritten as (·)⊥.

The implication ⊃ also splits into two implications, although we will notrefer to them as either additive or multiplicative. Instead, there is the linearimplication −◦ and the intuitionistic implication ⇒. The linear implicationB −◦ C is defined to be B⊥ .................................................

.............................................. C and the intuitionistic implication B ⇒ C is

defined to be ! B −◦ C. The following equivalences, however, do hold.

(p⊗ q)−◦ r ≡ p−◦ q −◦ r (p & q) ⇒ r ≡ p ⇒ q ⇒ r.

(By, B ≡ C we shall mean that the formula (B −◦ C) & (C −◦B) is provablein linear logic.)

Exercise 42. The modals ! and ? are sometimes called exponentials. Showthat the following relationship between the exponentials and the additive andmultiplicative connectives, inspired by the equation xm+n = xm × xn, holdsin linear logic.

!(B & C) ≡ ! B ⊗ ! C ?(B ⊕ C) ≡ ?B.................................................

.............................................. ? C

Should the “0-ary” version of these equivalences: !> ≡ 1 and !0 ≡ ⊥.

Exercise 43. Consider the following set of linear logic connectives:

{>,&,⊥,.................................................

.............................................. ,−◦,⇒, ∀, ?}.

Show that this set of connectives is complete in the sense that all other logicalconnectives can be written in terms of these. In particular, describe how toencode

B⊥ 0 1 ! B B ⊕ C B ⊗ C ∃x.B

using the above connectives only. Show also that this set is redundant byshowing definitions for ?B and B

............................................................................................... C in terms of the remaining connectives.

Exercise 44. Prove the following “curry/uncurry” equivalences.

(B ⊗ C)−◦H ≡ B −◦ C −◦H (∃x.B x)−◦H ≡ ∀x.(B x−◦H)

(B⊕C)−◦H ≡ (B−◦H)&(C−◦H) (! B)−◦H ≡ B ⇒ H 1−◦H ≡ H.

5.1 Sequent calculus proof for linear logic 49

Σ: ∆ − >, Γ>R

Σ: ∆ − Γ

Σ: ∆,1 − Γ1L

Σ: − 11R

Σ: ∆,0 − Γ0L

Σ: ∆ − Γ

Σ: ∆ − ⊥, Γ⊥R

Σ:⊥ − ⊥L

Σ: ∆, Bi − Γ

Σ: ∆, B1 & B2 − Γ&L (i = 1, 2)

Σ: ∆ − B, Γ Σ: ∆ − C, Γ

Σ: ∆ − B & C, Γ&R

Σ: ∆ − Bi, Γ

Σ: ∆ − B1 ⊕B2, Γ⊕R (i = 1, 2)

Σ: ∆, B − Γ Σ: ∆, C − Γ

Σ: ∆, B ⊕ C − Γ⊕ L

Σ: ∆, B1, B2 − Γ

Σ: ∆, B1 ⊗B2 − Γ⊗ L

Σ: ∆1 − B, Γ1 Σ: ∆2 − C, Γ2

Σ: ∆1, ∆2 − B ⊗ C, Γ1, Γ2⊗R

Σ: ∆1, B − Γ1 Σ: ∆2, C − Γ2

Σ: ∆1, ∆2, B.................................................

.............................................. C − Γ1, Γ2

............................................................................................... L

Σ: ∆ − B.................................................

.............................................. C, Γ

Σ: ∆ − B, C, Γ

............................................................................................... R

Σ: ∆ − Γ

Σ: ∆, ! B − Γ! W

Σ: ∆, ! B, ! B − Γ

Σ: ∆, ! B − Γ! C

Σ: ∆, B − Γ

Σ: ∆, ! B − Γ! D

Σ: ∆ − Γ

Σ: ∆ − ? B, Γ? W

Σ: ∆ − ? B, ? B, Γ

Σ: ∆ − ? B, Γ? C

Σ: ∆ − B, Γ

Σ: ∆ − ? B, Γ? D

Σ: ! ∆ − B, ? Γ

Σ: ! ∆ − ! B, ? Γ! R

Σ: ! ∆, B − ? Γ

Σ: ! ∆, ? B − ? Γ? L

Σ: ∆, B[t/x] − Γ

Σ: ∆, ∀x.B − Γ∀L y: τ, Σ: ∆ − B[y/x], Γ

Σ: ∆ − ∀xτ .B, Γ∀R

Σ: ∆ − B[t/x], Γ

Σ: ∆ − ∃x.BΓ∃R y: τ, Σ: ∆, B[y/x] − Γ

Σ: ∆, ∃xτ .B − Γ∃L,

Σ: ∆ − B, Γ

Σ: ∆, B⊥ − Γ(·)⊥L

Σ: ∆, B − Γ

Σ: ∆ − B⊥, Γ(·)⊥R

Fig. 5.1. The introduction rules for linear logic.

Σ: B − Binit

Σ: ∆ − B, Γ Σ: ∆′, B − Γ ′

Σ: ∆, ∆′ − Γ, Γ ′cut

Fig. 5.2. The identity rules for linear logic.

Exercise 45. For reasons that will be presented later, some of the linear logicconnectives are divided into the positive connectives, namely, 1, 0, ⊗, ⊕ andthe negative connectives, namely, ⊥, >, .................................................

.............................................. , &. Verify that the de Morgan dual

of a connective in one division is a connective in the other division. Let B andC be two formulas for which B ≡ ! B and C ≡ ! C. Show that the followingequivalences hold for the positive connectives.

1 ≡ !1 0 ≡ !0 B ⊗ C ≡ !(B ⊗ C) ∃x.B ≡ ! ∃x.B B ⊕ C ≡ !(B ⊕ C)

Alternative, let B and C be two formulas such that B ≡ ?B and C ≡ ?C.Show that the following equivalences hold for the negative connectives.

⊥ ≡ ?⊥ > ≡ ?> B.................................................

.............................................. C ≡ ?(B .................................................

.............................................. C) B &C ≡ ?(B &C) ∀x.B ≡ ?∀x.B


Exercise 46. A modal prefix is a finite sequent of zero or more occurrencesof ! and ?. Let π be a modal prefix. Prove that ππB ≡ πB for all formulas B.Show that there are only seven modal prefixes in LL up to equivalence: theempty prefix, !, ?, ! ?, ? !, ! ? !, and ? ! ?.

Exercise 47. Consider adding to linear logic a second copy of the tensor, say,one colored red. Show that you can prove that B⊗C is logically equivalent tothe same formula but with the red version of ⊗. That is, show that the rulesfor tensor describe it uniquely. Show that this is true for all logical connectivesand quantifiers of linear logic except for the two modals.

5.2 Intuitionistic Linear Logic

In order to refine the logic programming languages described in Chapter 4, wefirst restrict our attention to a subset of linear logic that is single-conclusion.The so-called, intuitionistic linear logic fragment does not contain ⊥, .................................................

.............................................. , and

? since both of these connectives have inference rules that require a sequentwith multiple conclusions. We shall concentrate, instead, on the set of linearlogic connectives >, &,⊗,−◦, !, and ∀. Proof rules for these connectives aregiven in Figures 5.3 and 5.4. Here, the left-hand side of sequents are multisetsof formulas. The structural rules of contraction and weakening are given asthe inference rules ! C (for contraction) and !W (for weakening), but they areonly available for formulas on the left of the form ! B. The syntactic variable!∆ denotes the multiset {! C | C ∈ ∆}. We write Σ:∆ `IL B if the sequentΣ: ∆ − B has a proof in the proof system of Figure 5.3 and 5.4.

Exercise 48. Show that the set of connectives >, &,⊗,−◦, !, and ∀ has thefollowing properties: (1) If we add to it ⊥, the resulting set of connectives iscomplete for all of linear logic. (2) If we remove any element from that set,then adding ⊥ does not yield a complete set of conectives for linear logic.

It is easy to see that linear logic, even over just the logical connectivesconsidered here, is not an abstract logic programming language. For example,the sequents

a⊗ b − b⊗ a ! a − ! a⊗!a ! a & b − ! a b⊗ (b−◦ ! a) − ! a

are all provable in intuitionistic linear logic but do not have uniform IL-proofs. The problem here is that ⊗R and ! R do not permute down over allthe left-introduction rules. For this reason, we consider, instead, a fragmentof linear logic that contains neither ! nor ⊗ as connectives. We do this bymaking two changes to the formulation of linear logic given in Figures 5.3and 5.4. First, sequents will be of the form Γ ; ∆ − B where B is a formula, Γis a set of formulas, and ∆ is a multiset of formulas. Such sequents have theircontext divided into two parts: the unbounded part, Γ , that corresponds to

5.2 Intuitionistic Linear Logic 51

Σ: ∆ − > >RΣ: ∆, Bi − C

Σ: ∆, B1 & B2 − C&Li

Σ: ∆ − B Σ: ∆ − C

Σ: ∆ − B & C&R

Σ: ∆1 − B Σ: ∆2, C − E

Σ: ∆1, ∆2, B −◦ C − E−◦ L

Σ: ∆, B − C

Σ: ∆ − B −◦ C−◦R

Σ: ∆, B1, B2 − C

Σ: ∆, B1 ⊗B2 − C⊗ L

Σ: ∆1 − B Σ: ∆2 − C

Σ: ∆1, ∆2 − B ⊗ C⊗R

Σ: ∆ − C

Σ: ∆, ! B − C! W

Σ: ∆, ! B, ! B − C

Σ: ∆, ! B − C! C

Σ: ∆, B − C

Σ: ∆, ! B − C! D

Σ: ! ∆ − B

Σ: ! ∆ − ! B! R

Σ: ∆, B[t/x] − C

Σ: ∆, ∀x. − C∀L y: τ, Σ: ∆ − B[y/x]

Σ: ∆ − ∀xτ .B∀R

Fig. 5.3. Introduction rules for IL, a fragment of linear logic.

Σ: B − Binit

Σ: ∆ − B Σ: ∆′, B − C

Σ: ∆, ∆′ − Ccut

Fig. 5.4. Identity rules for IL.

the left-hand side of intuitionistic sequents, and the bounded part, ∆, whichcorresponds to left-hand side of sequents of the purely linear fragment of linearlogic (no !’s). Contraction and weakening are allowed in the unbounded partof the context, but not in the bounded part. As we show below, the sequentB1, . . . , Bn; C1, . . . , Cm − B can be mapped to the linear logic sequent

! B1, . . . , !Bn, C1, . . . , Cm − B.

Given this style of sequent, it is natural to make a second modification tolinear logic by introducing two kinds of implications: the linear implication,for which the right-introduction rule adds its assumption to the boundedpart of a context, and the intuitionistic implication (written ⇒), for whichthe right-introduction rule adds its assumption to the unbounded part of acontext. Of course, the intended meaning of B ⇒ C is (! B)−◦ C.

Figure 5.5 presents a proof system L for the logic connectives >, &,−◦,⇒,and ∀. We write Σ: Γ ; ∆ `L B if the sequent Σ:Γ ; ∆ − B has a proof in L.Notice that the bounded part of the left premise of the ⇒ L inference rule isempty: this follows from the structure of an IL-proof with an application of−◦L to a formula of the form !B −◦C. Notice as well that we assume withoutloss of generality that the identity inference of this system applies only wherethe right-hand side is an atomic formula. This technical restriction is used inthe proof of Proposition 5.2 below.

Figure 5.6 presents the two cut rules for L. Girard’s proof of the cut-elimination theorem for linear logic [Gir87] can be adjusted to show thatthese two cut rules are admissible over `L.


Σ: Γ ; A − Ainit

Σ: Γ, B; ∆, B − C

Σ: Γ, B; ∆ − Cabsorb

Σ: Γ ; ∆ − > >R

Σ: Γ ; ∆, Bi − C

Σ: Γ ; ∆, B1 & B2 − C& L

Σ: Γ ; ∆ − B Σ: Γ ; ∆ − C

Σ: Γ ; ∆ − B & C& R

Σ: Γ ; ∆1 − B Σ: Γ ; ∆2, C − E

Σ: Γ ; ∆1, ∆2, B −◦ C − E−◦ L

Σ: Γ ; ∆, B − C

Σ: Γ ; ∆ − B −◦ C−◦R

Σ: Γ ; ∅ − B Σ: Γ ; ∆, C − E

Σ: Γ ; ∆, B ⇒ C − E⇒ L

Σ: Γ, B; ∆ − C

Σ: Γ ; ∆ − B ⇒ C⇒ R

Σ: Γ ; ∆, B[t/x] − C

Σ: Γ ; ∆, ∀x.B − C∀L y: τ, Σ: Γ ; ∆ − B[y/x]

Σ: Γ ; ∆ − ∀xτ .B∀R

Fig. 5.5. The L proof system.

Σ: Γ ′; ∆1 − B Σ: Γ ; ∆2, B − C

Σ: Γ ′; ∆1, ∆2 − Ccut

Σ: Γ ′; ∅ − B Σ: Γ, B; ∆ − C

Σ: Γ ′; ∆ − Ccut!

Fig. 5.6. In both forms of the cut rule for L, we require Γ ⊆ Γ ′.

Proposition 5.1 Let B be a formula, Γ a set of formulas, and ∆ a multisetof formulas, all over the logical constants >, &,−◦,⇒, and ∀. Let B¦ be theresult of repeatedly replacing all occurrences of C1 ⇒ C2 in B with (! C1)−◦C2.(Applying ¦ to a set or multiset of formulas results in the multiset of ¦ appliedto each member.) Then Γ ;∆ `L B if and only if !(Γ ¦),∆¦ `IL B¦.

The proof in each direction can be shown by presenting a simple transfor-mation between proofs in the two proof systems.

Proposition 5.2 Let B be a formula, Γ a set of formulas, and ∆ a multisetof formulas all over the logical connectives >, &,−◦,⇒, and ∀. The sequentΓ ; ∆ − B has a proof in L if and only if it has a uniform proof in L.

A proof of this proposition can follow the lines given for fohh (see, forexample, the proof in [HM94]). We shall delay in providing more details tothe proof here since this proposition is a simple consequence of the focusingresult for full linear logic (see Proposition 5.6).

Exercise 49. Given a O-proof of a sequent in fohh, map it into a proof in L.How are focused formulas in sequents in the O-proof treated in L proofs?

Let N1 be the set of all first-order formulas over the logical connectives>, &,−◦,⇒, and ∀. It follows immediately from Proposition 5.2 that the triple〈N1,N1,`L〉 is an abstract logic programming language. (Here, we assumethat formulas in N1 can occur in both the bounded and unbounded parts ofa sequent’s left-hand side.)

5.2 Intuitionistic Linear Logic 53

Σ:P, D; ∆D−−− A

Σ:P, D; ∆ − Adecide!

Σ:P; ∆D−−− A

Σ:P; ∆, D − Adecide

Σ:P; · A−−− Ainit

Σ:P; ∆D1−−− A

Σ:P; ∆D1&D2−−− A

&LΣ:P; ∆

D2−−− A

Σ:P; ∆D1&D2−−− A

&LΣ:P; ∆

D[t/x]−−− A

Σ:P; ∆∀τ x.D−−− A

∀L

Σ:P; ∆1 − G Σ:P; ∆2D−−− A

Σ:P; ∆1, ∆2G−◦D−−− A

−◦L Σ:P; · − G Σ:P; ∆D−−− A

Σ:P; ∆G⇒D−−− A

⇒L

Fig. 5.7. Backchaining in N1: in the ∀L rule, t is a Σ-term of type τ .

As we did in Section 4.4, the left-hand rules can be organized into abackchaining discipline. As we have done before, we illustrate this by present-ing two different proof systems: the first using a formula labeling a sequentarrow to denote the focus of the backchain rule and a second (equivalent) proofsystem where backchaining is described as a single inference rules employinga simple kind of “completion” of a logic program.

Figure 5.7 contains a formulation of a proof system in which the appli-cation of the left-introduction rules is on a designated formula from the left(compare these rules to those in Figure 4.1). The new sequent arrow, written

as Σ:P; ∆D−−− A, is used to display that designated formula on the sequent

arrow. The formula over the sequent arrow is the only one on which left-introduction rules may be applied. The two decide rules are used to turn theattempt to prove an atomic formula via the standard two-sided sequent intoan attempt to prove this new three-place sequent.

The sequent Σ:P;∆ − G or the sequent Σ:P; ∆D−−− A has an O-proof if

it has a proof using the right rules in Figure 5.5 and the rules in Figure 5.7.The notion Σ:P Ò G denotes the proposition that the sequent Σ:P − Ghas an O-proof. Notice that while we are reusing the notion of O-proof andof Ò from Section 4.4, there should be no confusion if we do so.

Notice that the rule for −◦L requires splitting the bounded context ∆1, ∆2

into two parts (when reading the rule bottom up). There are, of course, 2n

such splittings if that context has n ≥ 0 formulas.

Exercise 50. Show that an O-proof from Section 4.4 can be mapped to anO-proof as just defined. What mapping from intuitionistic formulas to linearlogic formulas should be used?

Proposition 5.3 Let P be a finite subset of N1 formulas, let ∆ be a finitemultiset of N1 formulas, let G be an N1 formula. Then Σ:P; ∆ Ò G if andonly if Σ:P; ∆ `L G.

For a second (less proof-theoretic) description of backchaining, considerthe following definition. Let the syntactic variable B range over the logical


Σ: Γ ; ∅ − B1 . . . Σ: Γ ; ∅ − Bn Σ: Γ ; ∆1 − C1 . . . Σ: Γ ; ∆m − Cm

Σ: Γ ; ∆1, . . . , ∆m, B − ABC

provided n, m ≥ 0, A is atomic, and 〈{B1, . . . , Bn}, {C1, . . . , Cm}, A〉 ∈ ‖B‖Σ .

Fig. 5.8. Backchaining for the intuitionistic linear logic fragment N .

formulas containing just the connectives >, &,−◦,⇒, and ∀. Then ‖B‖Σ isthe smallest set of triples of the form 〈Γ, ∆, B′〉, where Γ is a set of formulasand ∆ is a multiset of formulas, such that

1. 〈∅, ∅, B〉 ∈ ‖B‖Σ ,2. if 〈Γ,∆, B1 & B2〉 ∈ ‖B‖Σ then

〈Γ, ∆, B1〉 ∈ ‖B‖Σ and 〈Γ,∆, B2〉 ∈ ‖B‖Σ ;

3. if 〈Γ,∆, B1 ⇒ B2〉 ∈ ‖B‖Σ then 〈Γ ∪ {B1},∆, B2〉 ∈ ‖B‖Σ ;4. if 〈Γ,∆, B1 −◦B2〉 ∈ ‖B‖Σ then 〈Γ, ∆ ] {B1}, B2〉 ∈ ‖B‖Σ ;5. if 〈Γ,∆, ∀xτ .B′〉 ∈ ‖B‖Σ and t is a Σ-term of type τ , then

〈Γ, ∆,B′[t/x]〉 ∈ ‖B‖Σ .

Let L′ be the proof system that results from replacing the init, −◦L,⇒L,&L, and ∀L rules in Figure 5.5 with the backchaining inference rule inFigure 5.8.

Proposition 5.4 Let B be a formula, Γ a set of formulas, and ∆ a multisetof formulas, all over the logical constants >, &,−◦,⇒, and ∀. The sequentΣ: Γ ;∆ − B has a proof in L if and only if it has a proof in L′.

A proof of this proposition can follow the lines given for fohh (see, forexample, the proof in [HM94]). We shall delay in providing more details tothe proof here since this proposition is a simple consequence of the focusingresult for full linear logic (see Proposition 5.6).

It is now clear from the O-proof system (Figure 5.7 and with the right-rules from Figure 5.5) that the dynamics of proof search in this setting hasimproved beyond that described for fohh (Section 4.7). In particular, everysequent in an O-proof of the sequent Σ:P; ∆ − G is either of the form

Σ, Σ′:P,P ′;∆′ − G′ or Σ,Σ′:P,P ′; ∆′ D−−− A.

Just as with fohh, the signature can grown by the addition of Σ′ and theunbounded context can grown by the addition of P ′. The bounded context,∆′, however, can change in much more general and arbitrary ways. Formulasin the bounded context that were present at the root of a proof may notnecessarily be present later (higher) in the proof. As we shall see later, we canuse formulas in the bounded context to represent, say, state of a computation:a switch that is off but later on, etc.

5.3 Embedding fohh into intuitionistic linear logic 55

5.3 Embedding fohh into intuitionistic linear logic

The abstract logic programming language 〈N1,N1,`L〉 has been also calledLolli (after the lollipop shape of the −◦). As a programming language, Lolliis essentially fohh with −◦ added. To make this connection more precise, weshould show how fohh can be embedded into Lolli (since, technically, they usedifferent sets of connectives). Girard has presented a mapping of intuitionis-tic logic into linear logic that preserves not only provability but also proofs[Gir87]. On the fragment of intuitionistic logic containing >, ∧, ⊃, and ∀, thetranslation is given by:

(A)0 = A, where A is atomic,(>)0 = 1,

(B1 ∧B2)0 = (B1)0 & (B2)0,(B1 ⊃ B2)0 = !(B1)0 −◦ (B2)0,

(∀x.B)0 = ∀x.(B)0.

However, if we are willing to focus attention on only cut-free proofs in intu-itionistic logic and in linear logic, it is possible to define a “tighter” translation.Consider the following two translation functions.

(A)+ = (A)− = A, where A is atomic(>)+ = 1 (>)− = >

(B1 ∧B2)+ = (B1)+ ⊗ (B2)+

(B1 ∧B2)− = (B1)− & (B2)−

(B1 ⊃ B2)+ = (B1)− ⇒ (B2)+

(B1 ⊃ B2)− = (B1)+ −◦ (B2)−

(∀x.B)+ = ∀x.(B)+

(∀x.B)− = ∀x.(B)−

If we allow positive occurrences of ∨ and ∃ within cut-free proofs, as in proofsinvolving the hereditary Harrop formulas, we would also need the followingtwo clauses.

(B1 ∨B2)+ = (B1)+ ⊕ (B2)+

(∃x.B)+ = ∃x.(B)+

Proposition 5.5 Let Σ be a signature, B be a Σ-formula and Γ a set ofΣ-formulas, all over the logical constants >,∧,⊃, and ∀. Define Γ− to bethe multiset {C− | C ∈ Γ}. Then, Σ: Γ `I B if and only if the sequentΣ: Γ−; ∅ − B+ has a cut-free proof in L′.

This proposition is a consequence of the more general Proposition 5.6.A consequence of the proof of this proposition is that O-proofs involving

Horn clauses or hereditary Harrop formulas are essentially the same as the L-proofs of their translations. This suggests how to design the concrete syntax ofa linear logic programming language so that the interpretation of Prolog andλProlog programs remains unchanged when embedded into this new setting.For example, the Prolog syntax


A0 : − A1, . . . , An

is traditionally intended to denote (the universal closure of) the formula

(A1 ∧ . . . ∧An) ⊃ A0.

Given the negative translation above, such a Horn clause would then be trans-lated to the linear logic formula

(A1 ⊗ . . .⊗An)−◦A0.

Thus, the comma in Prolog denotes ⊗ and : − denotes the converse of −◦.For another example, the natural deduction rule for the introduction of

implication, often expressed using the diagram

(A)...B

A ⊃ B,

can be written as the following first-order formula for axiomatizing a truthpredicate:

∀A∀B((true(A) ⊃ true(B)) ⊃ true(A imp B)),

where the domain of quantification is over propositional formulas of the object-language and imp is the object-level implication. This formula is written inλProlog using the syntax

true (A imp B) :- true A => true B.

Given the above proposition, this formula can be translated to the formula

∀A∀B((true A ⇒ true B)−◦ true (A imp B)),

which means that the λProlog symbol => should denote ⇒. Thus, in theimplication introduction rule displayed above, the meta-level implication rep-resented as three vertical dots can be interpreted as an intuitionistic implica-tion while the meta-level implication represented as the horizontal bar can beinterpreted as a linear implication.

5.4 Multiple conclusion uniform proofs

Our proof search analysis so far has been has not addressed the nature of proofsearch in multiple conclusion sequent calculi. Notice that with the restrictionto single-conclusion calculi, negation is restricted: an occurrence of B⊥ on theleft of the sequent arrow can only be replaced with an occurrence of B on theright if the right-hand of the sequent is empty. Thus, the negation B⊥ can

5.4 Multiple conclusion uniform proofs 57

only be used (introduced on the left) if the sequent one is attempting to proveencodes a negation (a sequent with an empty right-hand side). This kind ofrestriction on negation is not imposed in a multi-conclusion sequent calculus:at any point in searching for a proof of a sequent containing B⊥, that searchcan, in principle, continue with B moved to the other side of the sequentarrow. This switching of sides can be done without regard to the structure ofthe rest of the sequent. With restrictions removed from negation, the logicalconnectives enjoy rich dualities.

To extend the notion of goal-directed search, the key observation that wewish to maintain is that goal formulas (right-hand side formulas) are able to beintroduced without any restriction, no matter what other formulas are on theleft or right of the sequent arrow. Thus, we should be able to simultaneously in-troduce all the logical connectives on the right of the sequent arrow. Althoughthe sequent calculus cannot deal directly with simultaneous rule application,reference to permutabilities of inference rules [Kle52] can indirectly addresssimultaneity. That is, we can require that if two or more right-introductionrules can be used to derive a given sequent, then all possible orders of applyingthose right-introduction rules can, in fact, be done and the resulting proofsare all equal modulo permutations of introduction rules.

More precisely: A cut-free sequent proof Ξ is uniform if for every subproofΞ ′ of Ξ and for every non-atomic formula occurrence B in the right-handside of the end-sequent of Ξ ′, there is a proof Ξ ′′ that is equal to Ξ ′ up to apermutation of inference rules and is such that the last inference rule in Ξ ′′

introduces the top-level logical connective of B. Clearly this notion of uniformproof extends the one given in Section 4.1. We similarly extend the notion ofabstract logic programming language to be a triple 〈D,G,`〉 such that for allsequents with formulas from D on the left and formulas from G on the right,that sequent as a proof if and only if it has a uniform proof.

In the Section 5.2, N1 was defined to be the set of all first-order formulasover the logical connectives >, &,−◦,⇒, and ∀. Consider now the set N2 tobe all formulas over these connectives as well as ⊥, .................................................

.............................................. , and ?. In Exercise 43 it

was established that this set of connectives is complete for all of linear logic.In fact, one only needs to add the multiplicative false ⊥ since ? and .................................................

.............................................. , can

be defined in terms of the remaining connectives.

?B ≡ (B −◦ ⊥) ⇒ ⊥ and B.................................................

.............................................. C ≡ (B −◦ ⊥)−◦ C

The set N2 has been called the (first-order) Forum presentation of linear logic.The F proof system for Forum, given in Figure 5.9, contains sequents

having the form

Σ: Ψ ; ∆ −→ Γ ; Υ and Σ:Ψ ;∆ B−→ Γ ;Υ,

where Σ is a signature, ∆ is a multiset of formulas, Γ is a list of formulas,Ψ and Υ are sets of formulas, and B is a formula. All of these formulas are


Σ-formulas from N2. The intended meanings of these two sequents in linearlogic are

!Ψ, ∆ − Γ, ? Υ and ! Ψ, ∆, B − Γ, ? Υ,

respectively, where the list Γ is coerced to a multiset. In the proof system ofFigure 5.9, the only right rules are those for sequents of the form Σ: Ψ ; ∆ −→Γ ; Υ . In fact, the only formula in Γ that can be introduced is the left-most,non-atomic formula in Γ . This style of selection is specified by using thesyntactic variable A to denote a list of atomic formulas. Thus, the right-handside of a sequent matches A, B&C, Γ if it contains a formula that is a top-level& for which at most atomic formulas can occur to its left. Both A and Γ maybe empty. Left rules are applied only to the formula B that labels the sequentarrow in Σ:Ψ ;∆ B−→ A;Υ . The notation A1 +A2 matches a list A if A1 andA2 are lists that can be interleaved to yield A: that is, the order of membersin A1 and A2 is as in A, and (ignoring the order of elements) A denotes themultiset set union of the multisets represented by A1 and A2.

Given the intended interpretation of sequents in F , the following soundnesstheorem can be proved by simple induction on the structure of F proofs.

Theorem 2 (Soundness). If the sequent Σ: Ψ ; ∆ −→ Γ ; Υ has an F proofthen ! Ψ,∆ ` Γ, ? Υ . If the sequent Σ: Ψ ; ∆ B−→ A;Υ has an F proof then!Ψ, ∆, B ` Γ, ? Υ .

The completeness theorem for Forum and the F proof system is delayedto the next section.

As a presentation of linear logic, Forum and its proof system F is arather odd. First, Forum’s proof system does not contain the cut-rule whereasmost presentation of linear logic are concerned with the dynamics of cut-elimination. Since we are interested in proof search instead of proof normal-ization, this dispensing with the cut-rule is understandable. Second, negationis not a primitive and the de Morgan dual of a logical connective in N2 is not,in fact, present in N2. Again, most proof systems for linear logic (even theone in Figure 5.1) are more symmetric in that if they contain a connective,they also contain its dual. Instead, Forum gives the two implications, −◦ and⇒, are a central role and, thus, contribute to the asymmetric nature of Forumspecifications. The choice of implications make it easy for Forum to generalizelogic programming based on Horn clauses, hereditary Harrop formulas, andLolli. The backchaining rule is also naturally understood as reading an impli-cation in “reverse”. Although cut is not an inference rule and duality is not afeature of the logical connectives used in Forum, cut-elimination and dualitywill play a significant role in how one reasons about Forum specifications.

5.5 Focused proofs

Completeness of F for full linear logic is essentially a translation of the com-pleteness of focused proofs [And92], a result that we now present.

5.5 Focused proofs 59

Σ: Ψ ; ∆ −→ A,>, Γ ; Υ>R

Σ: Ψ ; ∆ −→ A, B, Γ ; Υ Σ: Ψ ; ∆ −→ A, C, Γ ; Υ

Σ: Ψ ; ∆ −→ A, B & C, Γ ; Υ& R

Σ: Ψ ; ∆ −→ A, Γ ; Υ

Σ: Ψ ; ∆ −→ A,⊥, Γ ; Υ⊥R

Σ: Ψ ; ∆ −→ A, B, C, Γ ; Υ

Σ: Ψ ; ∆ −→ A, B.................................................

.............................................. C, Γ ; Υ

............................................................................................... R

Σ: Ψ ; B, ∆ −→ A, C, Γ ; Υ

Σ: Ψ ; ∆ −→ A, B −◦ C, Γ ; Υ−◦ R

Σ: B, Ψ ; ∆ −→ A, C, Γ ; Υ

Σ: Ψ ; ∆ −→ A, B ⇒ C, Γ ; Υ⇒ R

y: τ, Σ: Ψ ; ∆ −→ A, B[y/x], Γ ; Υ

Σ: Ψ ; ∆ −→ A, ∀τx.B, Γ ; Υ∀R Σ: Ψ ; ∆ −→ A, Γ ; B, Υ

Σ: Ψ ; ∆ −→ A, ? B, Γ ; Υ?R

Σ: B, Ψ ; ∆B−→ A; Υ

Σ: B, Ψ ; ∆ −→ A; Υdecide !

Σ: Ψ ; ∆ −→ A, B; B, Υ

Σ: Ψ ; ∆ −→ A; B, Υdecide ?

Σ: Ψ ; ∆B−→ A; Υ

Σ: Ψ ; B, ∆ −→ A; Υdecide

Σ: Ψ ; · A−→ A; Υinitial

Σ: Ψ ; · A−→ ·; A, Υinitial ?

Σ: Ψ ; · ⊥−→ ·; Υ⊥L

Σ: Ψ ; ∆Bi−→ A; Υ

Σ: Ψ ; ∆B1&B2−→ A; Υ

& LiΣ: Ψ ; B −→ ·; ΥΣ: Ψ ; · ? B−→ ·; Υ

? L

Σ: Ψ ; ∆1B−→ A1; Υ Σ: Ψ ; ∆2

C−→ A2; Υ

Σ: Ψ ; ∆1, ∆2B

............................................................................................... C−→ A1 +A2; Υ

............................................................................................... L

Σ: Ψ ; ∆B[t/x]−→ A; Υ

Σ: Ψ ; ∆∀τ x.B−→ A; Υ

∀L

Σ: Ψ ; ∆1 −→ A1, B; Υ Σ: Ψ ; ∆2C−→ A2; Υ

Σ: Ψ ; ∆1, ∆2B−◦C−→ A1 +A2; Υ

−◦ L

Σ: Ψ ; · −→ B; Υ Σ: Ψ ; ∆C−→ A; Υ

Σ: Ψ ; ∆B⇒C−→ A; Υ

⇒ L

Fig. 5.9. The F proof system. The rule ∀R has the proviso that y is not in thesignature Σ, and the rule ∀L has the proviso that t is a Σ-term of type τ . In &Li,i = 1 or i = 2.

Let L2 be the set of formulas all of whose logical connectives are fromthe list ⊥, .................................................

.............................................. , >, &, ?, ∀ (those used in L1 minus the two implications) along

with the duals of these connectives, namely, 1, ⊗, 0, ⊕, !, and ∃. Negations ofatomic formulas are also allowed, and we write B⊥, for non-atomic formula B,to denote the formula that results from giving negations atomic scope usingthe de Morgan dualities of linear logic. (Notice that negation is no longer alogical connective: it computes de Morgan dual.) A formula is asynchronousif it has a top-level logical connective that is either ⊥, .................................................

.............................................. , >, &, ?, or ∀, and

is synchronous if it has a top-level logical connective that is either 1, ⊗, 0, ⊕,!, and ∃.

Figure 5.10 contains the J proof system, which is composed of two kinds of(one-sided) sequents, namely, Σ:Ψ ;∆ ⇑ L and Σ:Ψ ;∆ ⇓ G. In such sequents,


Σ: Ψ ; ∆ ⇑ L

Σ: Ψ ; ∆ ⇑ ⊥, L[⊥]

Σ: Ψ ; ∆ ⇑ F, G, L

Σ: Ψ ; ∆ ⇑ F.................................................

.............................................. G, L

[.................................................

.............................................. ]

Σ: Ψ, F ; ∆ ⇑ L

Σ: Ψ ; ∆ ⇑ ? F, L[?]

Σ: Ψ ; ∆ ⇑ >, L[>]

Σ: Ψ ; ∆ ⇑ F, L Σ: Ψ ; ∆ ⇑ G, L

Σ: Ψ ; ∆ ⇑ F & G, L[&]

y : τ, Σ: Ψ ; ∆ ⇑ B[y/x], L

Σ: Ψ ; ∆ ⇑ ∀τx.B, L[∀]

Σ: Ψ ; · ⇓ 1[1]

Σ: Ψ ; ∆1 ⇓ F Σ: Ψ ; ∆2 ⇓ G

Σ: Ψ ; ∆1, ∆2 ⇓ F ⊗G[⊗]

Σ: Ψ ; · ⇑ F

Σ: Ψ ; · ⇓ ! F[!]

Σ: Ψ ; ∆ ⇓ Fi

Σ: Ψ ; ∆ ⇓ F1 ⊕ F2[⊕i]

Σ: Ψ ; ∆ ⇓ B[t/x]

Σ: Ψ ; ∆ ⇓ ∃τx.B[∃]

Σ: Ψ ; ∆, F ⇑ L

Σ: Ψ ; ∆ ⇑ F, L[R ⇑] provided that F is not asynchronous

Σ: Ψ ; ∆ ⇑ F

Σ: Ψ ; ∆ ⇓ F[R ⇓] provided that F is either asynchronous or an atom

Σ: Ψ ; A ⇓ A⊥[I1]

Σ: Ψ, A; · ⇓ A⊥[I2]

Σ: Ψ ; ∆ ⇓ F

Σ: Ψ ; ∆, F ⇑ · [D1]Σ: Ψ ; ∆ ⇓ F

Σ: Ψ, F ; ∆ ⇑ · [D2]

Fig. 5.10. The J proof system. The rule [∀] has the proviso that y is not in Σ, andthe rule [∃] has the proviso that t is a Σ-term of type τ . In [⊕i], i = 1 or i = 2.

Ψ is a set of formulas, ∆ is a multiset of formulas, L is a list of formulas, andG is a single formula. Andreoli showed in [And92] that this proof system iscomplete for first-order linear logic.

Proposition 5.6 If ! Ψ, ∆ ` Γ, ?Υ then the sequent Σ:Ψ⊥, Υ ; ∆⊥ ⇑ Γ has aJ proof.

The following theorem shows that the F and J proof systems are similar,and in this way, the completeness for F is established. Before proving the com-pleteness of F we state the following technical result used in the completenesstheorem (proved by induction on the structure of proofs in F).

Lemma 1. Let A and A′ be lists of atoms that are permutations of eachother. If the sequent Σ: Ψ ; ∆ −→ A, Γ ; Υ has an F proof then so too doesΣ: Ψ ; ∆ −→ A′, Γ ; Υ . Similarly, if the sequent Σ:Ψ ; ∆ B−→ A; Υ has an Fproof then so too does Σ: Ψ ; ∆ B−→ A′;Υ .

Theorem 3 (Completeness). Let Σ be a signature, ∆ be a multiset of L1

Σ-formulas, Γ be a list of L1 Σ-formulas, and Ψ and Υ be sets of L1 Σ-formulas. If !Ψ, ∆ ` Γ, ?Υ then the sequent Σ: Ψ ; ∆ −→ Γ ; Υ has a proof inF .

The proof of this is a tedious proof that one proof system can be translatedto the other proof system. For a detailed proof, see [Mil96].

5.5 Focused proofs 61

Exercise 51. Notice that the proof rule in F for ?L is unlike the other leftrules in that it does not maintain focus on positive subformulas as one movesfrom the conclusion to a premise. Consider the following variation to thatinference rule.

Σ: Ψ ; · B−→ ·; ΥΣ: Ψ ; · ? B−→ ·; Υ

? L′

Show that if we replace ?L with ? L′ then the resulting proof system is nolonger complete. In particular, the formula

?(a−◦ b)−◦ ?(a−◦ b)

does not have a proof.

6

Linear Logic Programming

In order to present several examples in this chapter, we shall extend the useof λProlog-like syntax to allow to specify some linear logic programs. Thesymbols , (comma), true, =>, and :- of Prolog and λProlog will be usedhere to represent ⊗, 1, ⇒, and the converse of −◦, respectively. In addition,we allow formulas to have occurrences of &, bang, erase, -o, and <=, whichdenote, respectively, &, !, >, −◦, and the converse of ⇒. Finally, the clausesof a program are assumed to reside in the unbounded portion of an initialproof context: that is, an surrounding ! is assumed for any program clauseswe display.

6.1 Toggling a switch

If we assume that the state of a switch is stored in the bounded part of theproof context using one of the atomic formulas on or off, then the followingtwo clauses specify a higher-order predicate toggle that is provable of anyformula G in a given context if G is provable when the switch is set to theopposite setting.

toggle G :- on, (off -o G).toggle G :- off, (on -o G).

While this example involves a quantification over propositions (the variableG), and as such is not strictly a first-order specification, the intended meaningof the specification should be clear. (For now, one can fix G to be any goal.)Figure 6.1 (in which the set Γ is assumed to contain the above two clauses fortoggle) shows how a bottom-up search using these clauses progresses. Thislinear refinement of hereditary Harrop formulas provides a straightforwarddeclarative treatment of state update in that setting.

64 6 Linear Logic Programming

Γ ; off −→ off

....Γ ; ∆, on −→ G

Γ ; ∆ −→ on−◦ GΓ ; ∆, off −→ off⊗ (on−◦ G)

Γ ; ∆, off −→ toggle G

Fig. 6.1. Proof search for toggling a switch

6.2 Permuting a list

Since the bounded part of contexts in L-proofs are multisets, it is a simplematter to permute a list by first loading the list’s members into the boundedpart of a context and then unloading them. The latter operation is nondeter-ministic and can succeed once for each permutation of the loaded list. Considerthe following simple program:

load nil K :- unload K.load (X::L) K :- (item X -o load L K).unload nil.unload (X::L) :- item X, unload L.

Here, nil denotes the empty list and :: the list constructor. The meaningof load and unload is dependent on the contents of the bounded part of thecontext, so the correctness of these clauses must be stated relative to a context.Let Γ be a set of formulas containing the four formulas displayed above andany other formulas that do not contain either item, load, or unload as theirhead symbol. (The head symbol of a formula of the form A or G −◦ A is thepredicate symbol that is the head of the atom A.) Let ∆ be the multisetcontaining exactly the atomic formulas

item a1, . . ., item an.

We shall say that such a context encodes the multiset {a1, . . . , an}. It is nowan easy matter to prove the following two assertions about load and unload:

• The goal (unload K) is provable from Γ ;∆ if and only if K is a list contain-ing the same elements with the same multiplicity as the multiset encodedin ∆.

• The goal (load L K) is provable from Γ ;∆ if and only if K is a list contain-ing the same elements with the same multiplicity as in the list L togetherwith the multiset encoded in the context ∆.

In order for load and unload to correctly permute the elements of a list, wemust guarantee two things about the context: first, the predicates item, load,and unload cannot be used as head symbols in any part of the context exceptas specified above and, second, the bounded part of a context must be emptyat the start of the computation of a permutation. It is possible to handle the

6.4 Context management in theorem provers 65

first condition by making use of appropriate quantifiers over the predicatenames item, load, and unload (we discuss such “higher-order quantification”elsewhere). The second condition — that the unbounded part of a context isempty — can be managed by making use of the modal nature of !, which wenow discuss in more detail.

Consider proving the sequent Γ ; ∆ −→ !G1 ⊗ G2, where Γ and ∆ areprogram clauses and G1 and G2 are goal formulas. Given the completenessof uniform proofs for the system L′, this is provable if and only if the twosequents Γ ; ∅ −→ G1 and Γ ; ∆ −→ G2 are provable. In other words, the useof the “of-course” operator forces G1 to be proved with an empty boundedcontext. In a sense, since bounded resources can come and go within contextsduring a computation, they can be viewed as “contingent” resources, whereasunbounded resources are “necessary”. The “of-course” operator attached toa goal ensures that the provability of the goal depends only on the necessaryand not the contingent resources of the context.

It is now clear how to define the permutation of two lists given the exampleprogram above: add either the formula

perm L K :- bang(load L K).

or, equivalently, the formula

perm L K <= load L K.

to those defining load and unload. Thus attempting to prove (perm L K) willresult in an attempt to prove (load L K) with an empty bounded context.From the description of load above, L and K must be permutations of eachother.

Exercise 52. Prove that there is a goal-directed proof of !G if and only ifthere is such a proof of 1 & G.

6.3 Lazy splitting of contexts

Deal with splitting. Do this by making the left multiset an abstractions andshow how it can be reimplemented.

6.4 Context management in theorem provers

Intuitionistic logic is a useful meta-logic for the specification of provability invarious object-logics. For example, consider axiomatizing provability in propo-sitional, intuitionistic logic over the logical symbols imp, and, or, and false(denoting object-level implication, conjunction, disjunction, and absurdity). Areasonable specification of the natural deduction inference rule for implicationintroduction is:


pv (A imp B) :- hyp A => pv B.

where pv and hyp are meta-level predicates denoting provability and hypoth-esis. (This specification of implication introduction is similar to that givenin the preceding section.) Operationally, this formula states that one way toprove A imp B is to add the object-level hypothesis A to the context andattempt a proof of B. In the same setting, conjunction elimination can beexpressed by the formula

pv G :- hyp (A and B), (hyp A => hyp B => pv G).

This formula states that in order to prove some object-level formula G, firstcheck to see if there is a conjunctive hypothesis, say (A and B), in the contextand, if so, attempt a proof of G from the context extended with the twohypotheses A and B. Other introduction and elimination rules can be specifiedsimilarly. Finally, the formula

pv G :- hyp G.

is needed to actually complete a proof. With the complete specification, it iseasy to prove that there is a proof of (pv G) from the assumptions (hyp H1),. . ., (hyp Hi) in the meta-logic if and only if there is a proof of G from theassumptions H1, . . ., Hi in the object-logic.

pv (A and B) :- pv A & pv B.

pv (A imp B) :- hyp A -o pv B.

pv (A or B) :- pv A.

pv (A or B) :- pv B.

pv G :- hyp (A and B), (hyp A -o hyp B -o pv G).

pv G :- hyp (A or B), ((hyp A -o pv G) & (hyp B -o pv G)).

pv G :- hyp (C imp B), ((hyp (C imp B) -o pv C) &

(hyp B -o pv G)).

pv G :- hyp false, erase.

pv G :- hyp G, erase.

Fig. 6.2. A specification of an intuitionistic propositional object-logic

Unfortunately, an intuitionistic meta-logic does not permit the naturalspecification of provability in logics that have restricted contraction rules —such as linear logic itself — because hypotheses are maintained in intuitionisticlogic contexts and hence can be used zero or more times. Even in describingprovability for propositional intuitionistic logic there are some drawbacks.For instance, it is not possible to logically express the fact that a conjunctiveor disjunctive formula in the proof context needs to be eliminated at mostonce. So, for example, in the specification of conjunction elimination, oncethe context is augmented with the two conjuncts, the conjunction itself is nolonger needed in the context.

6.5 Multiset rewriting 67

If, however, we replace the intuitionistic meta-logic with our refinementbased on linear logic, these observations about use and re-use in intuitionisticlogic can be specified elegantly, as is done in Figure 6.2. In that specification,a hypothesis is both “read from” and “written into” a context during theelimination of implications. All other elimination rules simply “read from”the context; they do not “write back.” The formulas represented by the lasttwo clauses in Figure 6.2 use a ⊗ with >: this allows for all unused hypothesesto be erased, since the object logic has no restrictions on weakening.

It should be noted that this specification cannot be used effectively witha depth-first interpreter because if the implication left rule can be used once,it can be used any number of times, thereby causing the interpreter to loop.Fortunately, improvements in the implication left-introduction rule are known.For example, the proof system given by Dyckhoff in [Dyc92] can be expresseddirectly in this setting by replacing the one formula specifying implicationelimination in Figure 6.2 with the five clauses for implication eliminationand the (partial) axiomatization of object-level atomic formulas in Figure 6.3.Executing this linear logic program in a depth-first interpreter yields a decision

pv G :- hyp ((C imp D) imp B),

((hyp (D imp B) -o pv (C imp D)) & (hyp B -o pv G)).

pv G :- hyp ((C and D) imp B), (hyp (C imp (D imp B)) -o pv G).

pv G :- hyp ((C or D) imp B),

(hyp (C imp B) -o hyp (D imp B) -o pv G).

pv G :- hyp (false imp B), pv G.

pv G :- hyp (A imp B), isatom A, hyp A, (hyp B -o hyp A -o pv G).

isatom p.

isatom q.

isatom r.

Fig. 6.3. A contraction-free formulation of ⊃ L

procedure for propositional intuitionistic logic.

6.5 Multiset rewriting

The ideas presented in the permutation example can easily be expanded uponto show how the bounded part of a context can be employed to do multisetrewriting. Let H be the multiset rewriting system {〈Li, Ri〉 | i ∈ I} wherefor each i ∈ I (a finite index set), Li and Ri are finite multisets. Define therelation M =⇒H N on finite multisets to hold if there is some i ∈ I and somemultiset C such that M is C ]Li and N is C ]Ri. Let =⇒∗

H be the reflexiveand transitive closure of =⇒H .


Given a rewriting system H, we wish to specify a binary predicate rewritesuch that (rewrite L K) is provable if and only if the multisets encoded byL and K stand in the =⇒∗

H relation. Let Γ0 be the following set of formulas(these are independent of H):

rewrite L K <= load L K.

load (X::L) K :- (item X -o load L K).load nil K :- rew K

rew K :- unload K.

unload (X::L) :- item X, unload L.unload nil.

Taken alone, these clauses give a slightly different version of the permuteprogram of the last example. The only addition is the binary predicate rew,which will be used as a socket into which we can plug a particular rewritesystem.

In order to encode a rewrite system H, each rewrite rule in H is given bya formula specifying an additional clause for the rew predicate as follows: IfH contains the pair 〈{a1, . . . , an}, {b1, . . . , bm}〉 then this pair is encoded asthe clause:

rew K :- item a1, ..., item an,(item b1 -o ... -o item bm -o rew K).

If either n or m is zero, the appropriate portion of the formula is deleted.Operationally, this clause reads the ai’s out of the bounded context, loadsthe bi’s, and then attempts another rewrite. Let ΓH be the set resultingfrom encoding each pair in H. As an example, if H is the set of pairs{〈{a, b}, {b, c}〉, 〈{a, a}, {a}〉} then ΓH is the set of clauses:

rew K :- item a, item b, (item b -o (item c -o rew K)).rew K :- item a, item a, (item a -o rew K).

The following claim is easy to prove about this specification: if M and Nare multisets represented as the lists L and K, respectively, then M =⇒∗

H Nif and only if the goal (rewrite L K) is provable from the context Γ0, ΓH ; ∅.

One drawback of this example is that rewrite is a predicate on lists,though its arguments are intended to represent multi-sets, and are operatedon as such. Therefore, for each M , N pair this program generates a factor ofat least n! more proofs than the corresponding rewriting proofs, where n isthe cardinality of the multiset N . This redundancy could be addressed eitherby implementing a data type for multi-sets or, perhaps, by investigating anon-commutative variant of linear logic.

Exercise 53. Let P and Q be the tensor (⊗) of atomic formulas. Show that` P −◦Q implies ` Q−◦ P .

6.7 Asynchronous Communications 69

6.6 Examples in Forum

To illustrate how multiset rewriting is specified in Forum, consider the clause

a.................................................

.............................................. b ◦− c

............................................................................................... d

............................................................................................... e.

When presenting examples of Forum code we often use (as in this example)◦− and ⇐ to be the converses of −◦ and ⇒ since they provide a more naturaloperational reading of clauses (similar to the use of :- in Prolog). Here, .................................................

..............................................

binds tighter than ◦− and ⇐. Consider the sequent Σ: Ψ ; ∆ −→ a, b, Γ ; Υwhere the above clause is a member of Ψ . A proof for this sequent can thenlook like the following.

Σ:Ψ ;∆ −→ c, d, e, Γ ;ΥΣ:Ψ ;∆ −→ c, d

............................................................................................... e, Γ ; Υ

Σ:Ψ ;∆ −→ c.................................................

.............................................. d

............................................................................................... e, Γ ; Υ

Σ: Ψ ; · a−→ a; Υ Σ: Ψ ; · b−→ b; Υ

Σ:Ψ ; · a.................................................

.............................................. b−→ a, b;Υ

Σ:Ψ ;∆ c.................................................

.............................................. d.................................................

.............................................. e−◦a.................................................

.............................................. b−→ a, b, Γ ;Υ

Σ:Ψ ;∆ −→ a, b, Γ ;Υ

We can interpret this fragment of a proof as a reduction of the multiset a, b, Γto the multiset c, d, e, Γ by backchaining on the clause displayed above.

Of course, a clause may have multiple, top-level implications. In this case,the surrounding context must be manipulated properly to prove the sub-goalsthat arise in backchaining. Consider a clause of the form

G1 −◦G2 ⇒ G3 −◦G4 ⇒ A1.................................................

.............................................. A2

labeling the sequent arrow in the sequent Σ:Ψ ;∆ −→ A1, A2,A;Υ . An at-tempt to prove this sequent would then lead to attempt to prove the foursequents

Σ:Ψ ;∆1 −→ G1,A1;Υ Σ: Ψ ; · −→ G2; Υ

Σ:Ψ ;∆2 −→ G3,A2;Υ Σ: Ψ ; · −→ G4; Υ

where ∆ is the multiset union of ∆1 and ∆2, and A is A1 + A2. In otherwords, those subgoals immediately to the left of an ⇒ are attempted withempty bounded contexts: the bounded contexts, here ∆ and A, are dividedup and used in attempts to prove those goals immediately to the left of −◦.

6.7 Asynchronous Communications

Provide the two ways to view asyn communications from my FCS paper:multiset rewriting with one agent thread with messages. Also so the otherform that uses nested implications. The proof of equivalence waits until thehop chapter is finished.

7

Solutions to Selected Exercises

Exercise 12 (page 22). We provide only a high-level outline of the proof:various details need to be filled in.

For one direction, we shall show how to transform a C-proof with restartto a C-proof without restart. Since I-proofs are C-proofs, this establishes theforward implication. Restarts can be removed one-by-one via the followingtransformation.

ΞΣ: Γ − B,∆

Σ: Γ − C, ∆Restart

...Σ′: Γ ′ − B, ∆′

=⇒

ΞΣ:Γ − B, ∆

Σ:Γ − C, B, ∆wR

...Σ′: Γ ′ − B, B, ∆′ cR

Σ′: Γ ′ − B, ∆′

That is, the restart rule can be implemented using a contraction and a weak-ening on the right. Of course, one must check that the formula B can be addedto all possible inference rules below this occurrence of the restart rule.

For a sketch of the converse direction, consider a C-proof. Using Exer-cise 22, we can assume that both the antecedent and succedent of sequentsincrease monotonically when moving from the bottom up. (Note that thisform of proof uses a different form of the init rule and we are not allowed touse the wR rule.) Now mark a formula on the right-hand side of every sequentas follows. The single formula on the right of the endsequent is marked (as-suming that we start proof search with a single formula to prove). If the lastinference rule of the proof is a left-introduction rule, then the marked occur-rence of the formula in the conclusion is also marked in all the premises. If thelast inference rule is a right-introduction rule, the we have two cases: If theintroduced formula is already marked, then mark its subformulas that appearin the right-hand side of any premise (for example, if the marked formula isA ⇒ B then mark B in the premise; if the marked formula is A ∧ B thenmark A in one premise and B in the other; etc). Otherwise, the right-hand

72 7 Solutions to Selected Exercises

formula introduced is not marked, in which case, we have a marking break,and we mark in the premises of the inference rules the subformulas of theright-hand formula introduced and continue. The only other rules that mightbe applied are: cL, in which case the marked formula on the right persistsfrom conclusion to premise; cL, in which case, if the marked formula is theone contracted then select one of its copies to mark in the premise, otherwise,the marked formula persists in the premise; and init, in which case, if themarked formula on the right is not the same as the formula on the left, thenthis occurrence of the init rule is also a marking break.

To illustrate this notion of marking formulas, consider the following C-proof.

p − p, q∗, p ⊃ q, p ∨ (p ⊃ q) init∗

− p, (p ⊃ q)∗, p ⊃ q, p ∨ (p ⊃ q)⊃R

− p, (p ⊃ q)∗, p ∨ (p ⊃ q) cR

− p∗, p ∨ (p ⊃ q), p ∨ (p ⊃ q) ∨R∗

− p∗, p ∨ (p ⊃ q) cR

− p ∨ (p ⊃ q)∗, p ∨ (p ⊃ q) ∨R

− p ∨ (p ⊃ q)∗ cR

Here, an asterisk is used to indicate marked formulas and to indicate whichinference rules correspond to marking gaps.

Now the I-proof with Restart is built as follows. For sequents that are theconclusion of a rule that is not a marking break, delete all non-marked formulaon the right. For sequents that are the conclusion of a rule that is a markingbreak, then this one inference rule become two: an instance of the Restartrule must be inserted and then the version of the inference rule correspondingto the marking break is put into the proof with the non-marked right-handformulas deleted.

For example, performing this transformation on the C-proof yields thefollowing structure.

p − p init

p − q Restart

− p ⊃ q ⊃R

− p ⊃ q cR

− p ∨ (p ⊃ q) ∨R

− p Restart

− p cR

− p ∨ (p ⊃ q) ∨R

− p ∨ (p ⊃ q) cR

This sequence of rules is not yet an I-proof: there are three occurrences of cRthat are not allowed in I-proofs: these can either be deleted or reclassified asRestart rules.

7 Solutions to Selected Exercises 73

Exercise 53 (page 68). Prove by induction on n that if Γ is a multiset ofatoms and P is a tensor of atoms A1 ⊗ · · · ⊗ An (n ≥ 0) then Γ − P isprovable if and only if Γ is equal to the multiset {A1, . . . , An}. If n = 0 thenthis case is immediate since P is 1 and Γ is empty. Now, assume that n > 0and that P is (A1 ⊗ · · · ⊗Ai)⊗ (Ai+1 ⊗ · · · ⊗An). If Γ − P is provable thenthere is a multiset partition of Γ into Γ1 and Γ2 such that both sequents Γ1 −A1⊗· · ·⊗Ai and Γ2 − Ai+1⊗· · ·⊗An are provable. By induction, we have thatΓ1 is {A1, . . . , Ai} and Γ2 is {Ai+1, . . . , An} and, hence, Γ is {A1, . . . , An}.For the converse, assume that Γ1 and Γ2 are the multiset of atomic formulaoccurrences in P1 and P2, respectively. By induction, the sequents Γ1 − P1

and Γ2 − P2 are provable and, hence, so is Γ − P .

References

[Abr93] Samson Abramsky. Computational interpretations of linear logic. Theo-retical Computer Science, 111:3–57, 1993.

[And92] Jean-Marc Andreoli. Logic programming with focusing proofs in linearlogic. J. of Logic and Computation, 2(3):297–347, 1992.

[Chu40] Alonzo Church. A formulation of the simple theory of types. J. of Sym-bolic Logic, 5:56–68, 1940.

[Dyc92] Roy Dyckhoff. Contraction-free sequent calculi for intuitionistic logic. J.of Symbolic Logic, 57(3):795–807, September 1992.

[Fit69] Melvin C. Fitting. Intuitionistic Logic Model Theory and Forcing. North-Holland, 1969.

[Gal86] Jean H. Gallier. Logic for Computer Science: Foundations of AutomaticTheorem Proving. Harper & Row, 1986.

[Gen69] Gerhard Gentzen. Investigations into logical deductions. In M. E. Szabo,editor, The Collected Papers of Gerhard Gentzen, pages 68–131. North-Holland, Amsterdam, 1969.

[Gir87] Jean-Yves Girard. Linear logic. Theoretical Computer Science, 50:1–102,1987.

[GTL89] Jean-Yves Girard, Paul Taylor, and Yves Lafont. Proofs and Types. Cam-bridge University Press, 1989.

[Gug07] Alessio Guglielmi. A system of interaction and structure. ACM Trans.on Computational Logic, 8(1):1–64, January 2007.

[HM94] Joshua Hodas and Dale Miller. Logic programming in a fragment ofintuitionistic linear logic. Information and Computation, 110(2):327–365,1994.

[Kle52] Stephen Cole Kleene. Permutabilities of inferences in Gentzen’s calculiLK and LJ. Memoirs of the American Mathematical Society, 10:1–26,1952.

[Mil89] Dale Miller. A logical analysis of modules in logic programming. Journalof Logic Programming, 6(1-2):79–108, January 1989.

[Mil96] Dale Miller. Forum: A multiple-conclusion specification logic. TheoreticalComputer Science, 165(1):201–232, September 1996.

[ML82] Per Martin-Lof. Constructive mathematics and computer programming.In Sixth International Congress for Logic, Methodology, and Philosophyof Science, pages 153–175, Amsterdam, 1982. North-Holland.

76 References

[MNPS91] Dale Miller, Gopalan Nadathur, Frank Pfenning, and Andre Scedrov.Uniform proofs as a foundation for logic programming. Annals of Pureand Applied Logic, 51:125–157, 1991.

[MP02] Dale Miller and Elaine Pimentel. Using linear logic to reason aboutsequent systems. In Uwe Egly and Christian G. Fermuller, editors, In-ternational Conference on Automated Reasoning with Analytic Tableauxand Related Methods, volume 2381 of LNCS, pages 2–23. Springer, 2002.

[MP04] Dale Miller and Elaine Pimentel. Linear logic as a framework for specify-ing sequent calculus. In Jan van Eijck, Vincent van Oostrom, and AlbertVisser, editors, Logic Colloquium ’99: Proceedings of the Annual EuropeanSummer Meeting of the Association for Symbolic Logic, Lecture Notes inLogic, pages 111–135. A K Peters Ltd, 2004.

[Pra65] Dag Prawitz. Natural Deduction. Almqvist & Wiksell, Uppsala, 1965.[Tro73] Anne Sjerp Troelstra, editor. Metamathematical Investigation of Intu-

itionistic Arithmetic and Analysis, volume 344 of Lecture Notes in Math-ematics. Springer Verlag, 1973.

proof search and computation lecture notesproof search and computation lecture notes draft: april...

Documents